A Singapore Government Agency Website

Singpass Security Tips

Your Singpass contains a lot of personal information. Protect your digital identity by following these security tips:

  1. Never share your Singpass ID, password and 2FA details with others
  2. Never allow others to watch you log in to your Singpass; do not screenshare or allow remote access to your device
  3. Ensure that the Singpass website domain you're accessing is singpass.gov.sg, with a 'lock' icon present in the address bar
  4. Ensure that the URL displayed on your Singpass app's consent page matches that on your browser before logging in to any services
  5. Always log out of the digital service (on your internet browser) after you have completed your transaction.
  6. Never scan Singpass QR codes sent over SMS or unofficial channels like WhatsApp. Singpass also does not send SMS with hyperlinks.
  7. If you receive a suspicious email (e.g., asking for your Singpass ID and password), do not download any attached files or click on hyperlinks. Delete the email immediately.
  8. If you are unsure of the legitimacy of a message, verify directly with the Singpass helpdesk at support@singpass.gov.sg.
  9. Secure your device with biometric options and only register your own fingerprint or face on the device. Do not allow strangers to use your device.
  10. Ensure your computer's operating system, web browsers and other software security patches are up to date. Only install software and updates from official sources.

You may also visit go.gov.sg/csa-gosafeonline for tips on how to spot phishing scams!

Singpass Security Measures

We have implemented stringent security measures to protect your Singpass account and personal data.

  1. Singpass requires Two-Factor Authentication (2FA) to verify the user's identity for sensitive transactions.
  2. Users are alerted promptly via SMS or email notifications whenever changes are made to their Singpass account.
  3. Singpass employs fraud analytics as part of our multi-layered defence to identify fraudulent attempts in real-time and reduce risks for Singpass users.

    For instance, you will be alerted when a Singpass login is performed on an internet browser/device that you do not usually use. If you did not personally perform this action, please report the incident to the Singpass helpdesk at 6335 3533 or support@singpass.gov.sg to secure your account.

  4. The Singpass app is built to ensure high levels of security.
    • User authentication is required to perform a mandatory one-time app setup, and the Singpass app can only be installed on one mobile device at a time. Activating the Singpass app on a new device will automatically deactivate the app on your previous device, ensuring that there is only one copy of your credentials.
    • The Singpass app only recognises legitimate Singpass QR codes. An error message is shown if an invalid QR code is scanned, and you cannot proceed!
    • The Singpass app always seeks your consent before sharing any data with another agency/ organisation for a transaction you have initiated.
    • Your personal data is safeguarded through encryption technology in the Singpass app and sent securely to the business/government agency that you wish to transact with.
    • The Singpass app will lock itself and will not be usable when threats are detected on the device. You will be prompted to quit the app immediately if the app detects the presence of malicious software or altered settings that could compromise the security of your mobile device.
    • Remotely deactivate the Singpass app to secure your account quickly. Should you misplace your device or suspect that your Singpass account may be compromised, you may (1) install the app on another device to automatically deactivate it on the lost device, or (2) deactivate the Singpass app from the Singpass website.