Facial verification among new SingPass 2-factor authentication options aimed at seniors, the less tech-savvy

• The new options for SingPass two-factor authentication aim to help seniors, the less tech-savvy access government services
• Facial verification will help those who might not be digitally savvy or able to navigate computers and smartphones
• The other option allows one-time passwords to be sent via SMS to users other than the account holder

SINGAPORE — From Wednesday (Dec 16), SingPass users will have two more options to carry out two-factor authentication (2FA) — including facial verification. The move aims to help seniors and those who are not digitally savvy access government services online through the national passcode system. 

The other option allows one-time passwords to be sent via SMS (short message service) on mobile phones to users other than the account holder, paving the way for an older parent to link his account to his adult child’s mobile number, for instance. 

These new functions will raise convenience and accessibility for SingPass users accessing government digital services, the Government Technology Agency (GovTech) said in a statement. 

They are also in step with the Government’s efforts to build a digitally inclusive society by enabling digital access to such services for people from all walks of life, GovTech added. 

The two new features come on top of three existing 2FA options: The SingPass Mobile application, one-time passwords via SMS, or the OneKey token, which will be discontinued by March 31 next year.

GovTech said: “We are actively facilitating the remaining 120,000 OneKey token users to transit to these alternative 2FA methods through direct mail, digital clinics and digital ambassadors.”

FACIAL VERIFICATION

Users who use this feature may log in by entering their SingPass identification number and password. They must then scan their faces using an internet-enabled computer with a web camera or a mobile device with a front-facing camera.

Their facial images will then be matched with those on their National Registration Identity Cards (NRICs) or passports.

Alternatively, users without these devices may visit places equipped with a face-scanning service. These include:

• The Inland Revenue Authority of Singapore Taxpayer and Business Service Centre along Newton Road

• Our Tampines Hub’s Public Service Centre

• The Central Provident Fund Board’s Bishan Service Centre

GovTech said that the facial verification technology is embedded with security measures to guard against impersonation fraud.

For instance, technology is used to detect and prevent the use of a photograph, video or mask. Among other precautions, the facial images captured will also be encrypted and protected with tamper-evident logging. 

Mr Kwok Quek Sin, GovTech’s senior director of national digital identity, said that the option would be especially useful for users who might not be as digitally savvy or able to navigate computers or smartphones, since it reduces the need to key in extra information such as one-time passwords. 

“This option also serves our overseas Singaporean community who might not have a locally registered number and are unable to receive SMS one-time passwords,” Mr Kwok said. 

For more sensitive transactions, however, GovTech said that this facial verification method would not be used as the sole authentication factor, to ensure that others with similar facial features, such as identical twins, cannot access one another’s accounts. In these instances, extra authentication factors, such as a one-time password, may be needed. 

MULTI-USER 2FA SMS MESSAGES

A new feature, the multi-user 2FA, is an extension of the present 2FA method done via SMS. It allows SingPass users the option of having their one-time passwords sent to another user’s mobile number.

It is geared at people who may need the help of others when performing transactions online.

For instance, an older parent may link his SingPass account to an adult child’s mobile number. This way, the child will receive that parent’s one-time password via SMS and help to provide the 2FA to complete a transaction. 

Before this feature may be enabled, both parties must activate this option — known as multi-user SMS 2FA — at any SingPass counter and show proof of their NRIC or Foreign Identification Number. For the locations of SingPass counters, visit go.gov.sg/singpass-counters.