Singapore Sing Pass should be used for authentication only
The SingPass is used to access my government websites. This is a useful feature. There is no need for each website to have a separate login credential.

There is a risk that the Sing Pass credential (ID and password) may be stolen by a hacker. This is not a serious risk. The Sing Pass requires a 2FA (e.g. fingerprint or facial recognition) before it is accepted.

There is another risk that is probably not recognized. If the Sing Pass platform fails, then the user will be locked out of all government platforms.

This failure could be caused by heavy traffic (when too many people access Sing Pass at the same time) or when the Sing Pass app is being updated to add more features. Each update of the app poses this risk.

I suggest that this risk be mitigated as follows:

1. Make Sing Pass a standalone app for authentication only. The other functions that are now built into Sing Pass should be transferred to another app.

2. Changes to the other functions can be made without affecting Sing Pass. If the other app fails, Sing Pass will not be affected.

Tan Kin Lian

 

Add Comment

---