How Singpass Enforces Data Security and What You Can Learn

Explore and learn the roles of Singpass in strengthening your data security

In our highly-digitalised landscape, enforcing data security has become more of a mandate rather than an option. Around the world, more and more industries across different sectors are leveraging data security in their work operations. Singapore is no exception to this data governance. Singapore Personal Access (Singpass) is the nation’s digital identity and has been very successful in data security integration. Therefore, this article will explore Singpass’s data security success, allowing both organisation and users to learn from examples.

Singpass: A Brief Background

Singpass provides secure to government and private sector

Singpass is every Singapore resident’s trusted digital identity. It Provides easy and secure access to over 1,400 government and private sector services online and in person. Logging in to digital services, proving identity over counters and digitally signing documents are just some of the many functions of Singpass. Singpass is managed by the Government Technology Agency (GovTech) and is one of eight strategic national projects that drive Singapore’s Smart Nation vision.

Singpass Data Security Measures

Today, there are over 4 million Singpass users with over 170 million transactions conducted annually. This translates to a large amount of sensitive data within the Singpass system. Any vulnerabilities in data security would result in citizens’ compromisation of personal information. Therefore, it is imperative that Singpass enforces strong data security integration. The Singpass system is reviewed regularly with many on-going security enhancements to ensure that a secure Singpass service is delivered to users.

Two-factor Authentication

One of the ways in which Singpass improves data security is through the use of two-factor authentication (2FA). 2FA is a security process in which users provide two different authentication factors to verify themselves. The first relies on password and the second is usually either through a security token or biometric factor including fingerprints or facial scans.

For Singapore 2FA Singpass, users are required to enter their Singpass ID and password, followed by a one-time password (OTP) sent via SMS or Singpass Face Verification, serving as an additional layer of security. 2FA makes it harder for attackers to gain access to an individual’s account as a password alone is not sufficient to pass the authentication check.

2FA has long been used to control access to sensitive systems and data. Beyond Sinpass, many online service providers are increasingly using 2FA to protect their users' credentials from being used by hackers.

automated-2FA-myinfor-onekey-integration

MyInfo Integration

Authenticated through Singpass, MyInfo is a digital personal data platform which helps citizens fill in digital forms automatically instead of doing so repeatedly for every transaction. It has been assured that this action to link citizen accounts, used to access e-government services, to an autofill form system would not leave user data any less secured. The data is not stored in a centralised ‘digital vault’ with a common database but instead, across multiple systems and protected with various security measures. It extracts the relevant citizen data provided to and archived by the respective government agencies, as and when they are required to pre-fill forms.

With emphasis that the government takes MyInfo integration and data security of citizens seriously, GovTech spokesperson said “MyInfo data is stored across multiple systems that are safeguarded by cybersecurity measures, including a combination of end-to-end encryption and multi-layered security. In line with industry best practices, these measures are reviewed and updated on a regular basis to enhance data protection."

myinfo-profile-data-security-classification
Source: Government Technology Agency of Singapore YouTube Channel

FormsSG – Data Security Classification

Developed by GovTech’s Data Science & Artificial Intelligence Capability Centre, FormSG replaces the use of paper forms, enabling public officers to create digital government forms quickly and effortlessly. It provides integration with government systems, allowing it to support authentication through Singpass. FormsSG revolves around data security classification in Singapore. Classifying data is essential to know how to secure it and prevent security incidents. This is how FormsSG collects and executes data security classification.

- Only you can access your data

      -  All form responses are either encrypted end-to-end (Storage mode) or sent directly to your email inbox (Email mode). This means third parties will not be able to access or view your form data.

- Support up to Restricted data for individual responses

      - For individual responses classified Restricted and below, you can use FormSG in either Storage or Email mode.

- Support up to Confidential data for collated responses

      - Both Storage and Email modes are permissible for collated data classified Restricted and below, and Email mode can also be used for Confidential collated data.

singpass-integration-with-data-governance

Sign with Singpass

‘Sign with Singpass’ allows users to digitally sign documents through the Singpass mobile app. This feature leverages cryptographic technology, ensuring that signatures are identifiable and uniquely linked to the signer. In this way, businesses have greater peace of mind with regards to the authenticity of the signed documents. While organisations are assured of the security provided, users stand to gain from benefits as well. Users have the flexibility of choosing their preference of integrating this feature with their own document management systems or solutions offered by digital signing partners. The convenience of signing anywhere, anytime is also made possible.

All in all, it is apparent that data governance and security in Singapore is treated with immense care and thought. Though the nation has done well in protecting citizens’ sensitive, personal information and achieved high data security through Singpass, users can also do their part in protecting their own information. Data security works best when both parties are doing their part. These are some tips for users to protect their own data.

- Do not share login information: Keep your Singpass ID, password and 2FA details confidential.

- Do not reuse passwords: Certain websites that you access may not be secure. Login information may be stolen from these sites and used to hack your Singpass account.

- Change your passwords regularly

- Use strong passwords: Strong passwords are alphanumeric and contain 8 to 24 characters.

- Look out for phishing sites: There may be sites that look like government websites to trick you in disclosing your personal details. To verify if it is not a phishing website, always check that the URL is correct (www.singpass.gov.sg), and there should be a 'lock' icon in the address bar.

At Adnovum, we are your experienced data protection service providers. By following in the footsteps of Singpass’s strict data governance in Singapore, we are committed to developing quality cybersecurity solutions. Begin your journey to better data protection and contact us today