The Infocomm Development Authority of Singapore (IDA) is reviewing the SingPass login system after 1,560 accounts were potentially accessed without user's permission earlier this week.
As part of the review, IDA will "explore further measures such as allowing users to set their own usernames in the new system," according to the statutory board's media statement on Thursday (5 June 2014). Currently, users are using their National Registration Identity Card (NRIC) numbers as the login ID to the SingPass system.
IDA is also looking at using two-factor authentication (2FA) for e-government transactions, especially those involving sensitive data. 2FA is the verification of a user through a one-time randomly generated password from a security device. It is used as a second level of authentication, which is required after users login with their user ID and password.
Despite these moves, IDA encourages SingPass users to "strengthen their passwords to one that are alphanumeric with 8-24 characters, preferably with capital letters and symbols, to better protect their accounts."
Sign up for Computerworld eNewsletters.