http://www.todayonline.com/singapore/no-vulnerability-singpass-system-yaacob
Last week, the Ministry of Manpower (MOM) and the IDA revealed that three of the compromised accounts had been fraudulently used to apply for six work passes.
The SingPass breaches discovered last month were not due to system vulnerability, although the Government is going ahead with steps to tighten security, including possibly mandating that passwords for accounts be changed more frequently.
The perpetrators could have obtained the account information by guesswork because of the “widespread usage of simple passwords” or through malware installed on their computers. Malware, short for malicious software, enables cybercriminals to steal information such as passwords or bank details from users’ computers by logging keystrokes.
Speaking in Parliament yesterday, Minister for Communications and Information Yaacob Ibrahim also urged users to do their part in protecting themselves from such incidents; for example, by using stronger passwords and ensuring the anti-virus software on their computers is always updated.
To strengthen security, government agencies will be required to implement two-factor authentication for online services involving sensitive data or transactions, Dr Yaacob said, adding that more details on its implementation will be available later this year.
He also said users would be allowed to choose their own usernames instead of the default NRIC or FIN numbers currently.
When asked by Workers’ Party non-constituency MP Yee Jenn Jong if the implementation of the two-factor authentication would lead to costs that might be borne by users, Dr Yaacob replied that this would not be the case.
No comments:
Post a Comment