Expert Comments

Face Verification And Multi-user SMS 2FA Options Added To SingPass – Expert Reaction

Expert(s): ISBuzz Staff
Expert(s): ISBuzz Staff

It has been reported that Singapore has added face verification as a two-factor authentication (2FA) option to log into SingPass, an account residents use to access e-government services. They also can choose to send their SMS one-time password (OTP) to another SingPass user’s mobile number, which is offered to help less digitally savvy users navigate the platform with external assistance. The two additional 2FA options were introduced as part of the government’s efforts to support a digitally inclusive society, said Government Technology Agency of Singapore (GovTech) in a statement Wednesday. 

The full story can be found here: https://www.zdnet.com/article/singapore-adds-face-verification-multi-user-sms-to-singpass-2fa/

Experts Comments

December 17, 2020
Stuart Sharp
VP of Solution Engineering
OneLogin
GovTech can be applauded for recognising that once size does not fit all when it comes to security, particularly with the introduction of multi-user SMS. Even though SMS OTP is vulnerable to SIM take-over and phishing-based attacks, introducing it as a second authentication factor greatly reduces the overall likelihood of attacks being successful. Face verification technology is certainly a stronger form of 2FA than SMS, but GovTech’s implementation of a government-owned centralised.....Read More
GovTech can be applauded for recognising that once size does not fit all when it comes to security, particularly with the introduction of multi-user SMS. Even though SMS OTP is vulnerable to SIM take-over and phishing-based attacks, introducing it as a second authentication factor greatly reduces the overall likelihood of attacks being successful. Face verification technology is certainly a stronger form of 2FA than SMS, but GovTech’s implementation of a government-owned centralised database of biometric information makes it a prime target for criminals who focus on compromising data stores that contain sensitive data for millions of users. A better approach would have been to rely on device-based biometrics that are already ubiquitous on smartphones, laptops and tablets. Biometric information would only be stored on the user’s personal device, with no central data store for hackers to target, and can leverage modern authentication standards like WebAuthn which have built-in protection against phishing attacks.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Comment: Contactless Limit Of £100 Is Logical But A Huge...

Cyberattack Response Takes Over 2 Days, Industry Survey Reports

Comment: New Group Can Breach Organisation, Steal Sensitive Data Without...

Quest-owned Fertility Clinic Announces Data Breach After August Ransomware Attack

On Hackers ‘Password Spraying’ Office 365 Accounts

Patch Tuesday Addresses 74 CVEs | Commentary

MysterySnail RAT Uses MSoft Zero-day – 3 Experts Comment

University Of Sunderland Hit With Major Cyber Attack

You Should Update Your iPhone Right Now

Weir Group Suffers Ransomware Attack – Security Expert Comments

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy