Users logging in to government e-services with SingPass can now verify their identities more easily by scanning their faces or sending a one-time password over SMS to a trusted family member or friend.
The new two-factor authentication (2FA) options, rolled out yesterday in Singapore, are aimed at helping the less tech-savvy connect securely to e-government services.
They will still have to login to their SingPass account with a username and password, but they can do away with a separate physical token.
For face verification, they can scan their faces with a regular PC webcam or a mobile phone’s camera to confirm their identity to the system.
Alternatively, they can get the system to send a one-time password over SMS to a trusted person’s phone that has been previously linked up. This way, a senior can have his child verify his identity to help log in to e-government services for him.
The two new options add on to other existing ways to log in via SingPass. For more savvy users, a SingPass Mobile app introduced in 2018 lets them log in without a password, by using biometric sign-on from their mobile device.
Alternatively, they may continue sending one-time passwords via SMS to log in to e-government services under SingPass.
The old way 2FA method of using the OnePass token will be phased out in March 2021, said the Government Technology Agency of Singapore (GovTech) yesterday.
Of course, with any new digital convenience, there are always the necessary precautions to take.
Do not, for example, send a password to a stranger asking for it over the Internet or to scammers impersonating policemen or other government officials.
As for fraudsters faking your ID by scanning a photo of you? GovTech says system is able to detect “liveness”, so it will know if there it’s the real you, instead of a photo of you, that is facing the camera.