If you do iBanking, then you would probably be very familiar with these annoying little calculator-like tokens that help keep your accounts safe.
And since the mass breach of 1,560 SingPass accounts last June, IDA has been pushing for Singapore citizens and permanent residents to begin using similar tokens to secure their e-government transactions.
SingPass is a password used to secure Singapore residents’ access to government services, such as income tax returns and CPF records. As reported by The Straits Times, some of the breached SingPass accounts were used by hackers to make applications for work passes.
As early as July, Singapore residents will be able to register for the OneKey token, issued by Assurity Trusted Solutions. The token can be used to generate one-time passwords (OTP) to access their online government services, securing sensitive information. This essentially gives SingPass access a two-factor authentication, making it necessary for users to key in a OTP on top of their usual Singpass and username. Users can alternatively opt to recieve the OTP via SMS.
600,000 OneKey tokens have already been issued to online investors and members of the NTUC (National Trades Union Congress) to protect their sensitive information.
While I’m not looking forward to having yet another device to look after (where has my DBS token gone to?), I can’t deny that an extra layer of security would help. So until it’s possible for us to use biometric systems to access our SingPass, it’s probably best to settle for this OTP system.
Now how do I secure my token?