Singpass is every Singapore resident’s trusted digital identity. It Provides easy and secure access to over 1,400 government and private sector services online and in person. Logging in to digital services, proving identity over counters and digitally signing documents are just some of the many functions of Singpass. Singpass is managed by the Government Technology Agency (GovTech) and is one of eight strategic national projects that drive Singapore’s Smart Nation vision.
Today, there are over 4 million Singpass users with over 170 million transactions conducted annually. This translates to a large amount of sensitive data within the Singpass system. Any vulnerabilities in data security would result in citizens’ compromisation of personal information. Therefore, it is imperative that Singpass enforces strong data security integration. The Singpass system is reviewed regularly with many on-going security enhancements to ensure that a secure Singpass service is delivered to users.
Two-factor Authentication
One of the ways in which Singpass improves data security is through the use of two-factor authentication (2FA). 2FA is a security process in which users provide two different authentication factors to verify themselves. The first relies on password and the second is usually either through a security token or biometric factor including fingerprints or facial scans.
For Singapore 2FA Singpass, users are required to enter their Singpass ID and password, followed by a one-time password (OTP) sent via SMS or Singpass Face Verification, serving as an additional layer of security. 2FA makes it harder for attackers to gain access to an individual’s account as a password alone is not sufficient to pass the authentication check.
2FA has long been used to control access to sensitive systems and data. Beyond Sinpass, many online service providers are increasingly using 2FA to protect their users' credentials from being used by hackers.
MyInfo Integration
Authenticated through Singpass, Myinfo is a digital personal data platform which helps citizens fill in digital forms automatically instead of doing so repeatedly for every transaction. It has been assured that this action to link citizen accounts, used to access e-government services, to an autofill form system would not leave user data any less secured. The data is not stored in a centralised ‘digital vault’ with a common database but instead, across multiple systems and protected with various security measures. It extracts the relevant citizen data provided to and archived by the respective government agencies, as and when they are required to pre-fill forms.
With emphasis that the government takes Myinfo integration and data security of citizens seriously, GovTech spokesperson said “Myinfo data is stored across multiple systems that are safeguarded by cybersecurity measures, including a combination of end-to-end encryption and multi-layered security. In line with industry best practices, these measures are reviewed and updated on a regular basis to enhance data protection."
FormsSG – Data Security Classification
Developed by GovTech’s Data Science & Artificial Intelligence Capability Centre, FormSG replaces the use of paper forms, enabling public officers to create digital government forms quickly and effortlessly. It provides integration with government systems, allowing it to support authentication through Singpass. FormsSG revolves around data security classification in Singapore. Classifying data is essential to know how to secure it and prevent security incidents. This is how FormsSG collects and executes data security classification.
Sign with Singpass
‘Sign with Singpass’ allows users to digitally sign documents through the Singpass mobile app. This feature leverages cryptographic technology, ensuring that signatures are identifiable and uniquely linked to the signer. In this way, businesses have greater peace of mind with regards to the authenticity of the signed documents. While organisations are assured of the security provided, users stand to gain from benefits as well. Users have the flexibility of choosing their preference of integrating this feature with their own document management systems or solutions offered by digital signing partners. The convenience of signing anywhere, anytime is also made possible.
All in all, it is apparent that data governance and security in Singapore is treated with immense care and thought. Though the nation has done well in protecting citizens’ sensitive, personal information and achieved high data security through Singpass, users can also do their part in protecting their own information. Data security works best when both parties are doing their part. These are some tips for users to protect their own data.
At Adnovum, we are your experienced data protection service providers. By following in the footsteps of Singpass’s strict data governance in Singapore, we are committed to developing quality cybersecurity solutions. Begin your journey to better data protection and contact us today!