Why is IDaaS the Future?

identity access management products

Identity as a service (IDaaS) is identity access management products that are based off software-as-a-service (SaaS) models which enables organisations to deliver single sign-on (SSO), authentication and access control features through a third-party service provider. IDaaS offers cloud-based authentication to businesses that purchase it as a subscription-based managed service. Subscribers are granted role-based access to specific applications or even entire virtualised desktops via a secure portal. This is to ensure that users are who they claim to be which is especially crucial in a corporate culture that is gradually shifting towards bring-your-own-device (BYOD) workplace environments, due to the rising number of personalised devices possessed by employees. Utilising a centralised cloud-based system generated by identity experts, the process of local identity provisioning is greatly simplified, and thus able to adapt immediately to new security challenges.

By reducing the risk associated with password sprawl and poor password handling practices, IDaaS can enhance cybersecurity. At the same time, the login process can be streamlined to become more secure and efficient, not only saving time but also the number of password resets. The process to shut down any compromised account is seamless and faster as well. Similarly, an employee who leaves the organisation will have their user accounts terminated, preventing any opportunity for identity theft and unauthorised access to corporate data.

IDaaS allows identity services to be integrated into application development and application runtime environments. Applications can embed identity access management functions as a part of their inherent business processes without the need to have coding knowledge. IDaaS also reduces complexity through increased ability to leverage critical identity data while eliminating the challenges of management and replication. Apart from SSO, IDaaS can be paired with multifactor authentication at an appliance and system level, further decreasing the chances of a hacker being able to breach security.

Furthermore, businesses will benefit from the amount of money saved. Through IDaaS, the digital security team is no longer required to back up data; maintain servers; upgrade or purchase new software; fork out hosting fees; set up virtual private networks; and the like. A reinforced security system using IDaaS will benefit the organisation financially in the long run, preventing any online attack that might put a huge dent into their business. For a small enterprise, an attack on IT security can rack up to about $40,000 in damages on average. Therefore, the many advantages proffered by IDaaS-based identity access management solutions should not be made light of. With the payment of a subscription fee and the administrative work, companies can enjoy increased revenue stream without having the integrity of their networks threatened.

As the digital world progresses towards a future of cloud computing and enhanced interconnectivity, email search, as well as network security, will be moved to the cloud. In order for businesses to keep up and stay ahead of the pack, IDaaS will serve as the inevitable future-forward choice for IT security. Organisations that have to yet to adopt identity access management solutions should soon consider implementing IDaaS.

Importance of SSO to Businesses

singapore identity access management

The technology of single sign-on (SSO) authentication has been around for some time. However, it has only started gaining traction in recent years. Today, SSO is essential to the success of enterprise identity access management solutions.

Many organisations have recently turned to the use of cloud-based tools for work, with employees having to access many applications and services. Instead of manually logging in every time, SSO allows business employees to access an array of Internet applications and tools with a single username and password combination. As a result, many businesses have begun to incorporate SSO and employees can do away with memorising multiple login credentials, thus contributing to improving workplace productivity. Moreover, SSO reduces the number of forgotten passwords and password resets. This, in turn, alleviates help desk costs as IT security teams are no longer burdened with having to manage countless passwords linked to just as many employee accounts. Security teams no longer have to handle low-level administrative issues and hence, are able to channel their efforts into larger scale operations to augment efficiency and security. It, therefore, comes as no surprise that an increasing number of businesses are turning to SSO as a solution to streamline login processes and save costs on digital security.

Contrary to popular belief, SSO authentication enhances digital security despite users only having to remember one set of username and password. SSO technology increases the difficulty for hackers to find out a person’s login information, especially with more sophisticated solutions offering biometric authentication through fingerprint identification and facial recognition. Furthermore, SSO grants IT, teams, real-time overview of the users who have accessed certain corporate resources. A real-time system log monitors user activity through geolocation tracking and uses that information to ensure that the integrity of the system is not compromised. Should an employee lose their laptop or smartphone device, the IT security team can effectively disable their account. In a similar vein, SSO allows for the configuration of access based on employee role, making sure that the appropriate people have access to the appropriate resources. As a result, access can be controlled based on seniority of the employee or the department they belong to, making it transparent to the organisation which resources can or cannot be accessed by certain employees.

In addition, SSO aids in the tightening of business-to-business (B2B) collaboration. Extranets are a major way of interconnection between businesses and they contain data that is shared between companies for the purpose of collaboration. Cross-company relationships can be supported by SSO which enables business partners to selectively access documents, applications and resources. With SSO, interoperability can be achieved, while businesses maintain complete control over their corporate data. By facilitating B2B collaboration, organisations can enhance development and output of products and services.

As the world moves to a digital age where everyone is interconnected, there will be more IT security challenges, especially for businesses. SSO is an integral property of identity access management systems to strengthen digital security and create a streamlined workflow experience within the workplace. Businesses are strongly encouraged to adopt SSO solutions.

Identity and Access Management and the Internet of Things

singapore identity access management

A decade ago, the Internet of Things (IoT) would have sounded like a fantasy. However, the reality of the IoT is steadily gathering momentum and is already upon us in 2018. Just what is the Internet of Things? Essentially, it refers to the network of “things”: smart watches, cars, home appliances, all connected in a network, allowing them to constantly exchange information.

Naturally, exchanging such a gargantuan amount of personal information between innumerable devices means great security risks for consumers and businesses. Identity and access management (IAM) has to adapt to match the changing environment to mitigate and protect against security breaches. This article looks at how Identity and Access Management is affected by the Internet of Things.

The sheer volume of devices connected to different networks will be the biggest challenge posed to Identity and Access Management. New IAM systems must be adjusted to handle the manifold increase in workload of checking identities, authenticating logins and monitoring on-going sessions for proper access. Traditional IAM systems were not designed to handle automated devices. IAM systems typically handle user verification; different individuals logging in to gain access to a network.

However, the IoT presents the challenge of handling thousands of devices constantly logging in and accessing networks automatically. IAM systems must be able to verify identities from a huge number of devices, languages and application. This demands flexibility, huge scales and abundant power from IAM systems to allow the all devices to stay safe connected to a network while processing the huge amount of data generated by the IoT.

The inherent nature of the IoT demands a structural adjustment from traditional IAM systems. As previously stated, IAM traditionally verifies human identities accessing networks via passwords or physical validation. The foundational agents of the IoT are ‘things’ – smart devices embedded within the current structure of the Internet. These devices need identities for IAM to even perform its most basic functions.

Changing demands has not gone unnoticed by those in charge of IAM systems. This complicated relationship between IAM and the IoT has been labelled the Identity of Things, or IDoT. Managing this relationship is key for a safe and consistent flow of data from smart devices, to reap the benefits of the information produced by the IoT.

Giving each device an identity, linking them to their human operators and allowing them appropriate access are all challenges IAM must overcome. IAM strategies must adjust, from simply authenticating identities to working towards providing businesses or enterprises security as a whole.

This brings us to our last point: the IoT simply brings so many more potential threats for IAM systems to handle. While smart coffee machines or physical activity trackers may not seem a threat, more personal information can be accessed during unauthorised security breaches. Tampered health records, accessed bank accounts or leaked confidential details are possible outcomes of poor IAM strategies.

In 2015, this threat was fully on display. A jeep was accessed remotely and essentially hijacked as hackers gained control over its locks, speedometer, even accelerator.

The Internet of Things opens up endless exciting possibilities for manufacturers and consumers. Identity and Access Management strategies must be updated to handle these changes in volume, access and simply accommodating devices instead of humans.


Breaking Down and Simplifying 2FA SingPass Login System

2fa singpass singapore

In July 2015, Singaporeans logging into SingPass suddenly faced a new issue: navigating the new two-factor authentication when logging in. All of a sudden, new login details were needed and more information was demanded every time we tried accessing our accounts.

For those keeping up with technological jargon, SingPass’ two-factor authentication, 2FA, login system is easily understood. For the rest of us, we may struggle to understand this system and simply find it frustrating and tedious. Here, we look at how 2FA or multi-factor authentication systems work.

Before diving into the technicalities of multi-factor authentications, we’ll begin with a brief look why SingPass implemented this 2FA system when logging in.

SingPass links every Singaporean or resident to more than 60 government agencies, allowing each user easy and convenient access to north of 200 e-government services. It is compulsory for all Singaporeans to create a SingPass account once they turn 15. Users can file taxes, access their retirement funds and apply for public housing using their SingPass accounts.

The need for tougher authentication was triggered by a high profile hacking in 2011 and 2014. At this point in time, SingPass only needed a username and password when logging in. However, a hacker managed to illegally access 293 SingPass accounts in 2011. He collected their personal information before selling them off to a syndicate producing fake visas applications to enter Singapore. In 2014, 1500 accounts were unlawfully accessed, highlighting the need to better protect sensitive data.

So how does 2FA address these concerns? At its most fundamental level, 2FA needs you to prove your identity twice before you can use your SingPass account.

The most common example of this is pairing our account username and password with a one-time password (OTP) when logging in. Our username and password are the first factor to authenticate. We then receive a one-time password (OTP) via SMS, and this is used to complete the login. The OTP is the second factor to authenticate.

Authentication systems work on one principle: confirming one’s identity by knowledge or possession factors. In simpler terms, this means using something only the correct person knows or has.

2FA systems use expands on this principle, requiring both factors to confirm one’s identity. While this might sound slightly abstract, these examples may help you better understand this principle.

An example of an authentication system is a door lock. Ideally, only the owner, or residents of the house have the key to unlock it. That key is something you have. Confirming a password for your Facebook or Google account is also an authentication, and the password is something only you know.

Singpass’ 2fa system simply puts these two factors together. Your SingPass username and password is something only you know. Your phone, where you receive the OTP, is your personal possession and only something you own. This doubles the difficulty for anyone trying to simultaneously guess your username, password and OTP, protecting your personal information on SingPass.

To conclude, SingPass had to update its security in response to multiple breaches. The simple username – password combination meant that huge amount of extremely sensitive data could be illegally accessed by hackers. The 2FA system doubles the security of one’s account, crucial for an account as important as SingPass.

Complete Guide to Setting up Your SingPass Account

singpass singapore

To setup a singpass 2fa singapore system account, one does not have to be a rocket scientist. However, there are certain steps that need to be followed to setup and register the account.

The SingPass 2FA is a security gateway for access to over 60 government services in Singapore, with the help of a single username and password. The residents of Singapore primarily require SingPass when they want to transact with various government institutions. Now the question is: how does one set up and register into a SingPass account? Here is the complete procedure for users.

The preconditions

Before a user attempts to setup the SingPass 2 Factor Authentication account, the individual has to ensure that they qualify for SingPass, based on the following criteria:

    • The person is at least 15 years old


  • The person is a Permanent Resident of Singapore or a Singapore citizen or a holder of the Employment Pass or an eligible holder of Work Permit for working on the soil of Singapore.

They then also need to ensure that the address mentioned in the NRIC or the FIN card is correct. However, that can be updated as well.

The simple step by step guide

    • The first step involves going to the SingPass website


    • Then it’s time to register for SingPass


  • Finally, it’s time to setup SingPass account

Let us go to details:

    • First, the users will have to www.SingPass.gov.sg 


    • Click on the ‘Register for SingPass’ option.


    • Checking the eligibility for registering in SingPass account is the next step and for that users can find an option that asks whether the user is eligible for not to set up the setup SingPass 2FA Singapore 2 Factor Authentication system account.


    • The next step is checking whether the address that is mentioned on the NRIC/FIN card is correct.


    • Then it’s time to go through the terms of use and agree to them and then clicking on the “Register Now’ account.


    • Now it’s time to feed in the personal details.


    • Once done, punch in the verification code. The Date of Issue of the NRIC or the Pass can be viewed at the back of the card.


    • Once the fields are filled up, it’s time to ‘submit’


    • Once it is done, the SingPass password is delivered at the mailing address, registered with SingPass. It generally takes 5 working days for the password to be delivered at the address.


    • Once the password is received, users can begin to set up the 2 Factor Authentication system in their account.


    • Once in the account, users need to fill in in the contact details like mobile number in the appropriate fields.


    • As soon as changes are made in the account, SingPass will send notification messages to the registered mobile number of the user.


    • The user needs to opt for the preferred mode and then click on ‘Next’.


    • Now the OTP or One Time Pass is sent to the registered mobile number as well as to the email address for verification of the contract details.


    • Then the SingPass password needs to be entered and the ‘next’ option has to be clicked.


  • This completes the registration.


2FA is a very important part of ensuring that SingPass is protected for all its users. The use of a second device to authorize the use of important government-related services means hackers cannot invade SingPass accounts very easily.

Because of this, 2FA is being implemented in different types of software all over the world. To install the 2FA system into your own software, you should consider hiring a website security expert who will be able to perform these actions on the back end.

BYOD and Identity Access Management

identity access management
With the rising trend of the “bring your own device” (BYOD) policies, personal devices have been integrated into the workplace. Due to the highly connected nature of the world we live in today, it is no surprise that businesses are striving to boost employee efficiency through BYOD policies, allowing employees to bring work on the go. However, in today’s fast-changing technology landscape, the adoption of personal devices pose significant risks to digital security. In a BYOD environment, there is a unique set of security concerns for IT teams to deal with. As a result, identity and access management services are essential for organisations to prevent any malicious attacks and adapt to the new threats posed by BYOD policies.

Fortunately, security systems are now moving towards contextual and adaptive user authentication. When evaluating authenticity, security systems take into account contextual information such as IP addresses or GPS locations, to verify users’ identities. It is also through context-aware authentication that security systems are able to detect any abnormal login attempts and prevent attacks of malicious intent. For example, a user trying to gain access to corporate resources from a registered home location will not raise suspicion. On the other hand, if the same device is being used to login from an overseas location that the user rarely travels to, an alert will be sent to the security administrator immediately. Organisations can, therefore, regulate the number of devices per employee by requiring employees to register their devices. In addition, they can track user activity on every personal device as well as protect company data through remote lock and selective wipe settings, in the event that an employee’s personal device is found lost or tampered with.

With the advent of BYOD policies, organisations are starting to build and incorporate mobile applications that are made available to employees. This allows them to work through their personal devices wherever they are. However, this creates complex security concerns especially if the employee’s mobile device falls into someone else’s hands. With context-based security measures, such instances of credential theft being used to get unauthorised access can be prevented and shut down. If the user tries to access a corporate resource that is not relevant to their job scope, their risk rating will be altered accordingly by adaptive authentication processes that are working in the background. By monitoring user behaviour for any signs of deviation, IT security teams can circumvent complex security threats.

With the proliferating numbers of enterprise and consumer applications, single sign-on (SSO) processes have become a must-have in mobile identity management solutions, to alleviate the administrative burdens and IT costs. They also relieve users of the need to remember password and username combinations, enhancing user convenience. With SSO, IT teams can implement access control frameworks that further tighten security.

Identity access management has evolved to tackle new challenges arising due to BYOD. Organisations have no choice but to augment existing systems that will take into consideration other factors such as personal devices, and achieve corporate efficiency without compromising security.


Stages of the Identity and Access Management Maturity

There is no shortage of businesses that have found it difficult to implement a successful identity and access management (IAM) system. Unvalidated promises, a lack of governance and simply poor communication can cause business owners to distrust IAM services.

This article will not attempt to present ways to ensure the success of implementing IAM systems. Instead, we will pick apart the different stages of the IAM maturity cycle and what should be expecting in terms of IAM at each point of its implementation. Understanding how the system develops and changes at each stage of its maturity is crucial to its long-term success.

Understanding the nature of IAM systems will give us a stronger foundation to assess the stages of its life cycle. IAM systems are not so many projects as they are a process, requiring constant evaluations and updates to function optimally. Implementing a successful IAM system demands every member of an organisation to augment their thought process when it comes to IAM. An IAM system is not simply a plug-and-use software, it is an evolving process with several identifiable stages.

During this initial period of its implementation, the IAM system is still in its early infancy and users may encounter many issues. Processes may not yet be finalised or standardised. The time taken to grant or remove access may take longer times than necessary, as most of the processes will still be manually completed. Users will follow proper procedure as and when they want, and the processes are still manually applied.

The second stage in its life cycle is enforcing the repeated use of a still immature IAM system. At this point in time, employees will be complying with proper IAM methods when accessing authentication and applications. However, these actions will still be labour intensive and highly dependent on the knowledge of each individual. These tasks will mostly be done by those who do repetitive tasks as they gain familiarity with the proper procedures. The majority of responsibility to adhere to proper procedure will lie heavily upon the individual.

The IAM system then reaches a higher maturity level in its implementation. Its processes and proper procedures will have attained higher, if not ubiquitous, levels use. Now, most processes would have achieved some form of standardisation, properly documented and articulated for all employees to adhere to. However, the practicalities of the IAM system will not have reached optimum levels as of yet and still be a labour intensive and manual procedure.

Once defined, the IAM system reaches a managed level of maturity. Close to being optimised, processes within the system are constantly monitored by management to identify potential opportunities for improvement. The procedures are also improved occasionally. Conforming to proper procedures are now measured and enforced; actions are taken if expectations are not met. Now, automation or IAM tools are still rarely used.

Finally, the IAM system reaches optimisation. Procedures are automated using supporting IT systems, allowing for maximum efficiency and quality. Automation allows users to execute and follow procedures consistently and easily. Naturally, procedural compliance is still measured and enforced.

To conclude, an IAM system requires time and patience to reach full maturity once implemented. It is not simply a case of installing a software and expecting complete optimisation instantly.

Activating Two Factor Authentication in MS Outlook

microsoft outlook email 2fa

The term, ‘Two-step verification’ is often also called ‘two-factor authentication’. Some refer it to as ‘2FA’ as well. Technically speaking, it is a highly advanced layer of security, which allows you to access accounts, such as Microsoft Accounts. This is purposefully done to make hacking more difficult and to ensure that users have better control over their accounts. This extra layer of security is also included in MS Outlook, as each and every Microsoft service essentially connects through one common account.

Even if a password is guessed correctly through hacking technology, it becomes virtually impossible to crack the account without any knowledge about the second layer of authentication. When we talk about the singapore outlook two factor authentication system, the same principle is followed.

Microsoft offers to its users 3 different ways of setting up the 2-step verification mechanism. Also, a secondary email address or phone number can be used as an authentication step. An authentication app can also be configured as another level of authentication. When that level is set up, users need to enter a security code, which will prove that the person logging in is the authorized person.

The process of setting up and activating the two step verification

Let us see how the Singapore Outlook Two Factor Authentication system is set up. This process is similar across different types of 2FA systems.

It is possible to set up and activate the two-step verification system using either an email address or a phone number. However, as per the Microsoft directives, it is better to configure the application to authenticate the account on a smart phone. The advantage of using this mobile application is that the process becomes easier and the security code is delivered to the user, in case the device is not connected to the network.

    • First, people need to open the link that is meant to access the security settings on the Microsoft Account and sign in to the MS Outlook account. Then the name and the account settings need to be clicked.


    • The next step involves clicking on the link that helps setting up the two step verification, followed by a click on ‘Next’.


    • In case of setting an account, which is connected to the mobile service, the option “App” from the drop down menu needs to be chosen.


  • Thereafter, the type of device needs to be selected.

In case the device is a Windows phone:

    • First the authentication app needs to be selected


    • Then it has to be launched and tapping the ‘+’ button will help you add a new account


    • The camera button should come into play thereafter and the barcode needs to be scanned for pairing the device.


    • Now it is time to type in the code that the phone generates at the last step.


  • A click on the ‘Next’ option will finish off the activating of the 2-step verification system.

For an Android phone:

If it is an Android mobile, the Singapore outlook two-factor authentication process involves the following steps:

    • Install the MS Account application and launch it.


    • Tap the setup now button


    • Enter the parameters of the account that needs to be associated and press on ‘Next’


  • Now tap ‘Finish’ to complete.


While installing 2FA for a user’s account may seem easy on their end, there is actually a lot of work that goes into the building of the system. This allows for such easy and intuitive end product. If you are a company that would like to implement 2FA into one of your products, you should then find a website security consultant who can best assist you in that venture.

Cloud Computing and Identity Access Management

For you and I, cloud computing has been a nice innovation, an easy way to store personal files without worrying about our devices running out of space. Users can access and use these files as long as they have an Internet connection. Cloud computing has revolutionised businesses and will continue to change the landscape for data storage and access.

Put simply, cloud computing offers consumers and businesses to store files and run programs over the Internet. Business entities are moving away from on-site servers and hard drives. Once-localised data is shifted and housed on the Internet, centralised in a single web space and accessible via different applications. While this is undoubtedly convenient, this development opened a Pandora’s box for identity access management.

Today, we will take a closer look at a few challenges for identity and access management arising from the shift to cloud computing.

Naturally, one of the largest issues facing identity access management is the difficulty of maintaining secure and proper access to the information on the cloud. Without proper identity management, all members of the cloud will have unlimited access to sensitive data and applications on the cloud.

For large businesses, important information concerning operations or customer information will be at risk at being stolen or tampering from an unauthorised breach. Unwanted entries must be warded off. Even for the cloud’s members, proper identity and access management must be observed to ensure each individual user only has access to the appropriate amount of data.

In 2013, the well-publicised case of a hacking of Target’s data resulted in the theft of over 40 million credit card details. Hackers used a 3rd party vendor’s details to gain access to Target’s data cloud, before spreading malware to steal the data of millions of credit cards. This perfectly illustrates the risks of cloud storage and it’s challenges to identity management: once an individual has access to the cloud, virtually every byte of data can be accessed if there is insufficient management.

Managing the authentication of each user on multiple devices is another challenge for identity and access management. Identity and access management services must consider that cloud-based data can be easily accessed by mobile and personal devices.

Authentication methods must be strong enough to handle lower levels of security measures on personal mobile devices. It has to confidently confirm the user’s identity before granting access to important apps or data. However, overly complicated authentication methods can cause users to simply find ways around security measures, effectively negating whatever safeguards were put in place.

Therefore, the ideal identity and access management product meets the challenge of user friendliness while still ensuring the strength of its authentication methods. Repeatedly demanding personally identifiable information (PII) is enough to turn anyone away from a product or application.

When all is said and done, cloud computing is a real handful for those managing proper identity and access. Stopping unwanted access, properly managing intra-cloud access for different users and handling mobile authentications are just some of the challenges for identity and access management.

2FA SingPass Singapore – Opening New Windows to the Corporate World

2fa singpass singapore

Singapore’s 2FA SingPass Personal Access System is a 2FA or 2-Factor Authentication security system designed to allow users unlimited online transactions with more than 60 government agencies in a seamless, safe and secure way.

The setup was introduced in the month of March 2003 and is managed byGovTech or the Government Technology Agency of Singapore. This agency takes care of systems by reviewing its efficacy on a regular basis and implements enhancements when needed, ensuring that the security cushion it provides is absolutely foolproof. This regular overhauling is needed to incorporate added security features to counter new security threats posed by the ever-changing market dynamics.

Why SingPass?
Since its inception, SingPass has undergone a number of enhancement features to include an improved version of the user interface, some value-added features specifically designed for smartphones and a wide array of stronger security capabilities. Some of the newly added features include an updated version of 2FA to safeguard digital transactions that involve dealing with sensitive and confidential information. This has made Singapore’s 2FA SingPass one of the most secured security systems in the world today.  

The ways to access it
With singapore’s 2fa singpass system, accessing data becomes completely seamless. Perhaps, this is why experts think that this system has opened a new horizon of security options to the business world of Singapore, like it has done for the rest of the world.

With the installation of the 2FA security system, users are required to enter their respective SingPass ID and corresponding passwords. Once done, they have to punch in a One Time Password (OTP) that they receive on their mobiles through SMS. At times, the OTP is also generated through a OneKey token. This OTP plays the all-important role of an additional layer of security in certain scenarios, and is the second factor in the 2-Factor authentication process. Users need to be extra cautious to protect the passwords, usernames and other personal information to safeguard their SingPass account. Here are some tips that will help users do so:

Sharing the login information:
It is imperative that the SingPass ID, password and 2FA details are kept absolutely confidential.

Re-using passwords is a strict no-no:
It is better not to reuse the passwords across different accounts. This applies in particular when browsing certain websites, which might not be secure. Login information can very well be hijacked from these websites and then be used for hacking the SingPass Account.

Regular change of passwords
It is best to keep on changing the password regularly to ensure safety and security of the 2FA SingPass Singapore Personal Access System.

Use of strong passwords
It is better to use stronger passwords, which are alphanumeric and are comprised of at least eight to twenty-four characters.

Be wary of phishing sites
There may be certain websites which resemble websites by the Singapore government, but are actually fake. These sites are meant for tricking the users and lure them to disclose the personal details. To make sure a site you’re using is not one of these phishing sites, it is imperative to check the URL prior to opening the site and see if it is correct. The genuine sites should have an address bar with a ‘lock’ sign icon in your web browser.

The inclusion of two-factor authentication into the Singapore government’s website security has helped protect the important personal data of over 5 million people in Singapore. It is no doubt an important tool in countering hacking and other illegal activities which could threaten the livelihood of many Singaporeans. Businesses can consider implementing the 2FA system into their own corporation, through corporate passes in Singapore. Social media sites such as Facebook and even Gmail are now offering users their own form of 2-Factor authentication, recognizing the importance of enhanced security in their web services. 2FA is likely the way forward, and we are only left to wonder what other new ways web developers can use to push website security even further.