Singapore, 4 July | For Immediate Release

30-day grace period given to remaining users to set up 2FA upon login from 5 July

To better protect the personal data of users, the Government introduced 2-Step Verification, also known as 2-Factor Authentication (2FA), as part of its enhancements to the SingPass system in July last year. 2FA is a critical component to ensure that users’ online identity and transactions are secure.

Following a year of extensive outreach, 80% of the two million regular SingPass users (those who log in more than once a year) have set up their 2FA.

From 5 July 2016, the majority of government e-services will require 2FA for transactions. This means that in addition to their SingPass username and password, users will need to enter a One-Time Password (OTP) sent via SMS or generated through a OneKey token.

The Government continues to reach out to regular users who are not yet 2FA-ready. Users who have yet to set up their 2FA will be given a one-time grace period of 30 days when they log in to SingPass from 5 July 2016. This will allow them to perform urgent e-transactions while they set up their 2FA. Some examples will include online registration for Primary One and certain CPF e-services. The starting date of this grace period will differ across users, depending on when they log in to SingPass. After the grace period ends, users will require 2FA to access e-services involving sensitive data.

Users can still set up their 2FA anytime, when the need arises after the grace period. They will first have to register for 2FA. Upon successful registration, local and overseas users will receive a PIN mailer for activation within seven and 10 working days respectively.

Mr Chan Cheow Hoe, Assistant Chief Executive, Infocomm Development Authority of Singapore, said, “While the majority of regular SingPass users are 2FA-ready, we recognise that the remaining 400,000 regular users may need more time to set up their 2FA. This one-time grace period helps to minimise disruption and provide flexibility to different users who have not set up their 2FA and need to perform urgent e-transactions.”

Mr Chan added, “However, the security of user accounts remains our priority. We will monitor the take-up rate of the remaining regular users before removing the grace period. A range of mitigating measures, such as fraud analytics tools, have also been deployed to ensure the security of SingPass accounts for users who are in the process of setting up their 2FA.”

For enquiries regarding SingPass 2FA setup, users can refer to the 2FA FAQs and Video Guides. They can also contact Assurity Helpdesk via email at


About Infocomm Development Authority of Singapore

The mission of the Infocomm Development Authority of Singapore (IDA) is to develop information technology and telecommunications within Singapore with a view to serve citizens of all ages and companies of all sizes. IDA does this by actively supporting the growth of innovative technology companies and start-ups in Singapore, working with leading global IT companies as well as developing excellent information technology and telecommunications infrastructure, policies and capabilities for Singapore. For more news and information, visit Follow IDA on Facebook IDA.Singapore and Twitter @IDAsg.