New version of SingPass system to be ready in 2015: IDA
[Update Friday 6 June 2014, 11:47am: Added new updates from Infocomm Development Authority of Singapore on SingPass system]
An enhanced version of the SingPass system is on its way and will be ready by the latter half of 2015, according to an Infocomm Development Authority spokesperson on Thursday, in light of the recent security issue which affected 1,560 IDs and passwords of SingPass users.
"We would like to assure all users that the SingPass system was not compromised and the vast majority of over 3 million SingPass users are not affected by this incident," said IDA.
IDA, the regulatory infocom body in Singapore, is also exploring further measures to improve the system such as allowing users to set their own usernames instead of NRIC numbers and two factor authentication for e-government transactions, particularly for those involving sensitive data.
In the meantime, IDA urges Singaporeans to strengthen their passwords, using alphanumerics with eight to 24 characters, preferably with capital letters and symbols, to better protect their accounts.
On Wednesday, IDA announced that a total of 1,560 IDs and passwords of SingPass users were potentially accessed without the user’s permission.
A police report was filed on Tuesday after they were notified by SingPass operator CrimsonLogic a day earlier, saying that a number of users have received Password Reset Notification letters even though they had not requested for any password reset. Police investigations are ongoing.
Based on early IDA investigations, they said an “anomaly was detected between the number of mobile numbers used for Immediate Reset One Time Passwords and the number of SingPass accounts that they were tied to”.
Out of the 1,560 users accounts that were potentially accessed, 419 of them had their passwords reset, triggering the password reset notification letters to be sent to the registered email addresses. Letters have been sent to affected users to notify them of this incident.
Based on checks, IDA said there is no evidence of the SingPass system being compromised, adding that the government “takes cyber security very seriously” and that “the protection of personal data and the delivery of secure e-Services are critical”.
