Internet users in Singapore can expect to transfer savings funds, access health records and carry out other online transactions more easily with a single token from the second half of this year, as a government-backed authentication service goes live.
This so-called two-factor authentication (2FA) service works like existing online banking services, which require users to log in with a password on a PC followed by another one that is displayed on a small token or sent to them over SMS.
But with this new service, they will only need one token for multiple transactions in Singapore, as organisations start tapping on it.
This government project called the National Authentication Framework (NAF) has been in the works for the past two to three years, and promises to make it easy and cheap for both users and organisations such as government agencies and private companies to enjoy secure online transactions by having a common platform for all.
Unveiling the NAF operator Assurity Trusted Solutions today, Ronnie Tay, chief executive of Singapore’s Infocomm Development Authority (IDA), said he is hopeful that more government transactions would be done securely using this 2FA method in future.
With it, users may in future access their Central Providend Fund (CPF) savings and transfer funds online, instead of submitting paperwork for it over the counter. Currently, Singaporeans and permanent residents can only access their CPF accounts but not transfer funds through “single-factor” e-government services, which require a simple Singpass password and are not as secure.
As part of the NAF, these users will get a first token free, on request. By having a common offering, economies of scale can be reaped for organisations from government agencies to banks, whose tokens have been issued for close to five years and are near expiry.
One big draw for the NAF: it is free to organisations for two years. Already, Assurity executives say they have approached government, healthcare and financial customers to sign on to the nationwide service, though they did not reveal any confirmed deals.
One secure token for all transactions would be welcome to users here, where the percentage of people transacting online has gone up from 17 per cent in 2003 to 40 per cent in 2009, according to the IDA.
Its main task now would be to get the first e-government services onboard at launch – not a given as agencies in Singapore can be pretty autonomous (the Monetary Authority of Singapore, which regulates banks, was the one that originally pushed banks to introduce 2FA several years ago following several high-profile break-ins).
UPDATE: We had used a picture of an RSA token earlier as an example, which may have caused some readers to believe that it is the actual NAF token, which is incorrect.
@chiloong, I believe SingPass may be used as a first factor, and will continue to be used for less sensitive e-gov apps that require less security.
@gkjohn: my apologies. The RSA token was an example we wanted to use to show users how one would look like. It’s not necessarily an RSA token that will be used – we’ve replaced the pic, so that it’s not misleading.
One Token to rule them all,
One Token to find them,
One Token to bring them all
and in the darkness bind them
How does this work with Singpass? With our IRAS account? Will it merged under the NAF?