SINGAPORE: Two new two-factor authentication (2FA) options will be available for SingPass users transacting with government digital services starting Wednesday (Dec 16), including an option to use face verification.
The new options will be rolled out ahead of the decommissioning of the OneKey token option at the end of March, and will “provide more convenience and accessibility to government digital services securely”, GovTech Singapore said in a news release.
“This is in line with the Government’s efforts to build a digitally inclusive society by enabling digital access to government digital services for people from all walks of life,” it added.
“Together with SingPass Mobile and SMS-OTP (one-time password), there are now four other 2FA options for the current OneKey token users.”
With the new face verification option, users can log in with their SingPass ID and password before scanning their face on an Internet-enabled computer with a web camera or a mobile device with a front-facing camera.
Those who do not have such devices can visit selected public locations to use this service, GovTech said. The service is available at the IRAS Taxpayer and Business Centre, Our Tampines Hub’s public service centre and the Central Provident Fund Board’s Bishan service centre, with more locations to be added progressively.
Security measures are also in place to prevent fraud, including liveness detection technology, which will detect and block the use of a photograph, video or mask during the verification process.
Data encryption and security incident monitoring are also in place to ensure that personal data is securely protected.
Additional authentication factors such as passwords and SMS-OTP may also be required in addition to biometrics for more sensitive transactions. This is to ensure that someone with similar features, such as an identical twin, will not have access to the account, GovTech said.
“We recognise that there are users who might not be as digitally savvy or able to navigate computers or smartphones,” National Digital Identity senior director Kwok Quek Sin said.
Mr Kwok added that the option is “especially useful” as it reduces the need to key in additional information, such as one-time passwords as well as helping overseas Singaporeans who may not have a locally-registered number to receive OTPs via SMS.
MULTI-USER SMS 2FA
The existing SMS-OTP 2FA method will also be extended with the multi-user SMS 2FA. This option will allow users who require assistance to have their OTP sent to another SingPass user’s mobile number when transacting online.
For example, elderly parents can have their OTP sent to their child’s mobile number, and have them assist in providing the 2FA to complete the transaction.
The decommissioning of the OneKey token was announced in March this year.
“We are actively facilitating the remaining 120,000 OneKey token users to transit to these alternative 2FA methods, through direct mail, digital clinics and digital ambassadors,” GovTech said.