A new mode of authentication will be available to Singpass users from July 1 as part of ongoing efforts to foil phishing scams that have led to millions in losses.
Singpass’ new passkey feature ensures that access is granted to legitimate websites only, and cannot be shared or exploited, unlike passwords or QR codes.
The new authentication feature works through a unique pair of encryption keys – one residing on the user’s phone and the other on Singpass’ backend server – for every website that is integrated with the national authentication system.
This also paves the way for a password-free future.
“As passkeys are bound to the legitimate Singpass login domain, they cannot be used on fake websites,” the Government Technology Agency of Singapore (GovTech) said in a statement on July 1.
“They will only work with Singpass logins on real government websites and private sector services integrated with Singpass, protecting users against phishing scams.”
GovTech is the agency that operates Singpass, which supports 5.5 million users and is integrated with over 1,400 government agencies and private sector services.
They include digital health portal HealthHub, the Inland Revenue Authority of Singapore’s tax portal, the Central Provident Fund Board, DBS Bank and Singtel.
A one-time registration is required to activate the passkey feature. iPhone users will be the first to be able to do so through their Singpass app from 10am on July 1. The feature will be rolled out to Android phone users later.
Laptops and desktops currently do not support Singpass passkey. But GovTech is working to enable such support across all web browsers so Singapore residents can use the passkeys residing on their phones to unlock access on computers.
All existing authentication methods will still work even with the roll-out of passkeys.
Currently, users tap or scan a QR code on their Singpass app and complete the authentication by scanning their face or fingerprint, or entering a six-digit passcode. A set of static and one-time passwords can also be entered on the Singpass website to gain access.
“(These) methods will remain available to ensure continued access to services,” said the agency.
Read Full Article At Source


