The Infocomm Development Authority of Singapore (IDA) has started resetting passwords of about 400,000 SingPass accounts that have been inactive for more than three years. The move is as part of IDA's efforts to improve the security of the system after 1,560 SingPass accounts were compromised in June this year.
The infocomm industry regulator said that it is currently sending out notification letters to urge users of inactive accounts to reset their passwords. Users are given 14 days to change their passwords before their accounts are deactivated. Accounts found to have unusual activities will also have their passwords reset, said Government chief information office assistant executive Chan Cheow Hoe at a media briefing on 27 November 2014. To restore an account, users will need to make an online request or visit SingPass centres to receive a new password.
IDA also plans to implement a Two Factor Authentication (2FA) for online government transactions, especially those involving sensitive data, from the third quarter of 2015. The one-time password could be delivered through SMS or a hardware or software token.
Since there is varying levels of comfort in using mobile phones for authentication, IDA will only decide if 2FA should be made mandatory after implementing the measure for one year, said Chan.
A tender for the 2FA vendor is expected to take place in the next few months. However, it is still undecided if the tender will be an open or closed tender, added Chan.
Sign up for CIO Asia eNewsletters.