Singapore will bin the physical tokens used to provide two-factor authentication (2FA) for some digital government services.
The city-state operates "SingPass", a government service that connects Singapore's residents with 200 government services. SingPass helps residents to file taxes, apply for public housing, or checking the balance of their pension accounts.
In 2016, the government enabled two-factor authentication (2FA) for SingPass accounts to improve security. The measures required users to input a code from a physical "OneKey" token in addition to their regular password to access their accounts.
But today the government announced plans to scrap the physical tokens, which account for only two per cent of logins. New tokens and replacements will not longer be issued from October, and they will stop working entirely from April next year, the government said.
The government is instead encouraging users to use the SingPass Mobile app, which was released in 2018. The app uses fingerprint, face recognition, or a six-digit passcode to grant access and, together with SMS 2FA, account for 98 per cent of logins.
In addition to the regular government services, SingPass Mobile also allows users to access selected private sector services, such as insurance and the grants portal on the Singapore National Employers Federation website.
Users who cannot use the app can continue to access the online services by setting up SMS 2FA, which will send a code to their mobile phones, or visit one of the 46 SingPass retail outlets across the island.
But the app is preferred. As it should be, given 2015 advice from the United States' National Institute of Standards and Technology that SMS 2FA is not sufficiently secure.
Kok Ping Soon, chief exec of Singapore's digital transformation team, GovTech, said: "The SingPass Mobile app is key to Singapore's national digital identity initiative. We are encouraged by the strong support so far and will do more to promote the use of the app, so that more users can transact online with the government and private sector easily and conveniently."
"We will also work with our partner agencies to help more citizens learn how to use SingPass Mobile, and continue to find new solutions which ensure security and convenience for our citizens." ®
Sponsored: Webcast: Ransomware has gone nuclear