http://www.todayonline.com/singapore/singpass-security-be-raised-after-breach?singlepage=true
Changes will be made to the SingPass system to beef up its security, the Infocomm Development Authority of Singapore (IDA) said. This after a recent breach of 1,560 SingPass accounts.
The use of two-factor authentication (2FA) to protect SingPass had been considered as early as 2012 but no awards were made even after the IDA put out a tender for it two times - in August that year and in June last year.
 |
| We need back up, over. |
The use of a one-time password — a unique code sent to either a mobile number set by a user or to a security token each time he logs in — has been a standard security feature imposed on banks for Internet banking transactions since 2006.
Banks also allow users to set their own log-in names for their online banking systems, unlike for SingPass where log-in names are NRIC numbers.
In the recent SingPass security breach, 1,560 accounts being cracked.
These users’ account profiles were illicitly updated to be tied to a disproportionately small pool of Singapore-registered mobile numbers. Among the affected users, 419 accounts had their passwords successfully reset without their permission.
How it happened is still being probed, although the IDA had stressed that there is no evidence at this point suggesting the SingPass system had been compromised.
SingPass, which now has more than 3.3 million users, can be used to perform more than 340 online transactions with 64 government agencies. Examples include accessing Central Provident Fund and income tax accounts.
No comments:
Post a Comment