Access e-government services with your fingerprints via the new SingPass Mobile app

SINGAPORE — Tired of trying to memorise secure passwords and having to lug around a physical token whenever you have to use your SingPass to access e-government services? The new Singpass Mobile application for smartphones allows you to use your fingerprints to verify your identity.

Launched on Monday (Oct 22), the app offers a more secure and convenient login method, compared to using passwords which can be phished and replicated easily.

With the app, users can use their fingerprints, six-digit passcode, or even facial recognition on phones with the detection capability, to log on to e-government services to check their Central Provident Fund (CPF) balances, pay taxes or apply for flats.

They no longer have to rely on the physical OneKey token or wait for an SMS one-time password (OTP) for two-factor authentication.

Singpass Mobile also has additional security features to protect users’ personal data, said the Government Technology Agency of Singapore (GovTech).

For example, when the app detects any potential security breach or presence of malicious software on the phone, the user will not be allowed to use it.

Such potential security flaws can be present after a user “jail breaks” a phone — a process which modifies the operating system of a phone to give any user unrestricted access — or after multiple failed login attempts, for example.

The use of biometric authentication can also help to reduce “unhygienic” cyber practices, such as the sharing and use of weak passwords.

The importance of having more secure login methods has been underscored following the recent probe into the SingHealth cyberattack, which found that the hackers likely made headway through a phishing email and weak server passwords.

“The new SingPass Mobile app will offer a more convenient login option, as users no longer need to enter their passwords to log in,” said GovTech’s chief executive Kok Ping Soon, adding that there are also some 150,000 requests from SingPass users to reset their passwords every month.

The existing modes of SMS OTP and OneKey token will continue to be available to SingPass users.

The SingPass Mobile app was trialled for six months prior to its launch on Monday, with 7,000 civil servants using the app since May this year.

While the trials garnered mostly positive feedback, some feedback collected led to GovTech including a quick-response (QR) code on the SingPass webpage to help users quickly launch the app on their phones.

The app will be progressively updated with new features to make it a one-stop point for users to access digital government services, with more details to be announced later.