The Straits Times
Monday, Dec 19, 2016
Come Jan 15, two-factor authentication (2FA) will be made compulsory for all SingPass users.
Currently, more than 100 government e-services such as the Central Provident Fund (CPF) and Inland Revenue Authority of Singapore (Iras) require the mandatory 2FA to perform e-transactions.
So what is 2FA? It is the extra step a user has to take before logging in to an online account or making an online transaction.
It is usually in the form of a random code sent to a mobile device or via a token.
2FA is based on the idea that a second layer of security should come from something physically near the user, so a hacker cannot log in to your accounts with only a username and password.
Anyone who attempts to do so will be stopped by this second layer of security.
However, 2FA is not always foolproof.
If you opt for SMS one-time passwords and lose your mobile phone, hackers can get access to your accounts and information stored in your device.
Cyber security experts say using a token for 2FA is safer, even if it is more inconvenient.
Just remember to keep the token stored away in a safe place and never reveal the number generated to anyone.