- POSTED: 07 Jul 2014 16:16
- UPDATED: 11 Jul 2014 17:18
Communications and Information Minister Yaacob Ibrahim said the recent SingPass breach could have been caused by weak passwords or malware residing on affected users' computers.
SINGAPORE: There is no vulnerability in the SingPass system, said Communications and Information Minister Yaacob Ibrahim in Parliament on Monday (July 7).
He said the breach of the 1,560 SingPass accounts that IDA flagged on June 4 could have been through other means, such as users having very simple passwords that are easily guessed by cyber criminals. Another possible reason could be that malware was installed in the affected users' computers that captures victims' keystrokes, thereby revealing their user ID and passwords, the minister added.
Last Friday, Manpower Ministry (MOM) and Infocomm Development Authority of Singapore (IDA) jointly announced that three of the 1,560 compromised SingPass accounts were used to apply for six fraudulent work pass applications.
Said Dr Yaacob: "We have not seen any attacks on the SingPass account in the past, but there have been one or two breaches, especially in the applications of work permits and the Manpower Ministry discovered it even before the latest breach and they cancelled it immediately."
He also urged users to have stronger passwords and update their anti-virus software to better safeguard their sensitive personal information.
STEPS TAKEN TO STRENGTHEN SINGPASS
Going forward, the MCI will work with the Finance Ministry and the IDA to further enhance security measures, he said. This includes introducing two-factor authentication, or 2FA, for e-Government services involving sensitive data or transactions.
Dr Yaacob said a contract to implement a new SingPass system, awarded in April this year, would look at allowing users to define their own user names instead of the default NRIC or FIN number currently.
As for 2FA implementation, the various Government agencies will each implement the additional layer of authentication and reveal their timelines in the later part of the year, the minister said.
Dr Yaacob said 2FA was not introduced earlier because not everyone had the capability or know-how to use the technology when SingPass was introduced initially.
The Government is also looking at possibly mandating more frequent password changes for SingPass accounts, although this might result in a slight increase in cases in which users who forget their passwords are unable to access certain Government e-services.