Virtual transactions are getting riskier by the day with increasing numbers of cyber attacks and thefts. Under such circumstances, it is important to protect a vital virtual profile such as SingPass from falling into the wrong hands. GovTech, the division that manages SingPass, has come out with a Two Factor Authentication (2FA) to protect your account from cyber attacks. The 2FA is administered through Assurity, a fully-owned subsidiary of GovTech.
The first thing to do before registering for 2FA is to ensure that all your contact details – phone number, address, email address, etc. – are correct in your SingPass profile. If your mobile number is incorrect, you will not be able to set up the SMS OTP 2FA. To update your details, you should go to the ‘Update Account Details’ menu option in your SingPass profile and change or rectify the number/other details. If your address is incorrect, the PIN Mailer and OneKey device won’t reach you, because Assurity sends the mails to your registered address.
How to Register for SingPass 2FA Online
GovTech has started registering SingPass users whose mobile numbers are added and verified in their accounts automatically for SMS OTP 2FA since February 2016. Automatic registration is not done for OneKey Token registration. If you have not been auto-registered, or if you want to register for a OneKey Token as well, then you can do so online.
Registering for SingPass Two Factor Authentication online is a simple process. You can choose either to register through SMS OTP that will be sent to your registered mobile number for the second level of authentication, or through OneKey Token, which is a device through which you can generate OTPs for use on the SingPass site.
Here’s What You’ve Got to do for 2FA Registration:
- Go to the SingPass portal and log in to your account.
- Go to the ‘Quick Links’ section and choose ‘Set Up 2-Step Verification’.
- Select ‘Register 2FA’ and opt for either SMS One-Time Password (OTP) or OneKey Token.
- The site will ask you to verify your postal code – based on the address you have submitted to SingPass. Confirm it and click on ‘Submit’.
Once the request is submitted, you will receive a mail at your registered address within 7 business days. If you’ve opted for the SMS OTP option, the mail will contain the PIN and instructions on how to activate the 2FA process. If you chose the OneKey Token, you will receive the OneKey device, PIN details and activation method.
How to Register for SingPass 2FA Through Phone
If your mobile number is registered in Singapore and verified in the SingPass account, you can do either of the following to register for 2FA:
- Send an SMS to 78008 with the text ‘Register’, if you are in Singapore.
- Call +65 8241 1666 if you are outside Singapore.
Please note that this cannot be done for OneKey registration.
Alternatively, you could also visit the 2FA Counters of Assurity at the International Plaza on Anson Road or PSA Building on Alexandra Road with your original NRIC or FIN card and get the process done immediately.
How to Register for 2FA if You don’t have a Singapore Mobile Number
If you do not have a mobile number registered in Singapore, you need to choose ‘Do not have a mobile number’ and ‘Skip Now’ when you are prompted for the number on SingPass. For a longer-term solution, go to your nearest SingPass Counter with your original NRIC/FIN and get it sorted. You could also email email@example.com with your request.
Not having a Singapore-registered number means you will have to choose the OneKey Token activation for 2FA.
2FA Registration for Singaporeans going Overseas
If you are going abroad for a short or long time, you need to ensure that the 2FA registration is done when you are in Singapore. Set up a OneKey Token 2FA as that will be more convenient.
If you are living overseas, you can register and activate OneKey Token 2FA by ensuring that your address on the portal is correct. The PIN and device will be sent to your mailing address within 10 working days (or more if you live far away). If your address is not updated, you should send your NRIC and Passport copies, along with overseas address proof and overseas mobile number, to firstname.lastname@example.org. You will receive a confirmation in 7 days, and the PIN plus OneKey Token in 10 days.
How to Get a New PIN
If you have lost, misplaced or not received your PIN mail, you can request for a new one. Users in Singapore can send an SMS to 78111 in the following format: Resend pin mailerNRICPostal Code. Users outside Singapore need to send an email to email@example.com. You will first get a confirmation SMS in 2 days, and then receive the new PIN in 7 business days.
How to Activate 2FA After Getting PIN
The PIN mailer will contain the measures you need to take to activate 2FA. The process is as described below:
- Go to portal.assurity.sg/activate.
- Put in your ID type (NRIC, FIN, Passport, etc.) and ID number.
- Put in the PIN sent to you in via mail.
- Accept the Terms and Conditions by selecting ‘Next’.
- Verify your personal details visible on the page.
- Confirm and go to the OTP page by selecting ‘Next’.
- Put in your mobile number/confirm the number.
- An OTP will be sent to your phone. Enter this OTP on the page.
- Submit and your 2FA registration will be activated.
Alternatively, you can send an SMS to 78111 with the activation code received in your PIN mailer. The format should be:
- For SMS 2FA: ACTSMSNRICPIN password
- For OneKey Token 2FA: ACTTokenNRICPIN passwordOTP
- For both together: ACTBOTHNRICPin passwordOTP
How to Manage 2FA
SingPass has a ‘Manage 2-Step Verification’ option under the ‘My Accounts’ menu. This will help you check whether your 2FA has been activated, and to manage the 2FA if you have activated both SMS and OneKey Tokens. You can opt for an SMS-only 2FA or a OneKey-only 2FA, and switch between the two whenever you want through this service. Here are some situations to think about:
- You’re changing your mobile number – If you change your mobile number, you can update it through the ‘Update Account Details’ on the SingPass menu options. You will receive an OTP on the new number for verification.
- You already have a OneKey Token device – In this case, you need to go to ‘Set Up 2-Step Verification’ and choose ‘Link OneKey Token’.
- You change your OneKey device – If your OneKey Token is replaced, you need to follow the path – ‘My Account’>’Manage 2-Step Verification’>’Update OneKey Token’.
SingPass 2FA verification is required only for online government-related transactions that deal with sensitive and confidential information. Some of the transactions for which 2FA validation is required are:
- NAF Portal login
- CPF e-Services
- GST Voucher portal
- Workfare portal
- HDB e-Services
- Silver Support Scheme portal
- MediSave Mammograms System login
- Filing of financial statements through ACRA BizFinx
- Child Consent portal
- National Immunisation website
- ICA iEnquiry
- JTC Corporation Customer Service Portal
- Ministry of Education Primary One Registration system
- Ministry of Health Health Check System
- Ministry of Manpower Employment Pass Online
- NEA Hawkers Online