Singapore's Cyber Security Agency and Personal Data Protection Commission have jointly issued a sweeping advisory urging organizations to immediately discontinue the use of National Registration Identity Card numbers as authentication credentials, reports OpenGov Asia.
The advisory warns that NRIC numbers, being static and often accessible, are unsuitable for verifying identity and pose significant cybersecurity risks, especially when used alone or combined with birthdates or names. Organizations are urged to adopt a risk-based approach to authentication that aligns with the sensitivity of services or data being protected. Stronger alternatives such as multi-factor authentication, complex passphrases, and biometric verification are encouraged. The CSA also recommends tools like the SingCERT Password Checker and cybersecurity toolkits to aid compliance. This directive reflects Singapore's continued commitment to enhancing digital trust and defending against identity fraud and cyber threats. It also aligns with international best practices to safeguard personal identifiers and ensure a more resilient digital infrastructure for a growing economy.
The advisory warns that NRIC numbers, being static and often accessible, are unsuitable for verifying identity and pose significant cybersecurity risks, especially when used alone or combined with birthdates or names. Organizations are urged to adopt a risk-based approach to authentication that aligns with the sensitivity of services or data being protected. Stronger alternatives such as multi-factor authentication, complex passphrases, and biometric verification are encouraged. The CSA also recommends tools like the SingCERT Password Checker and cybersecurity toolkits to aid compliance. This directive reflects Singapore's continued commitment to enhancing digital trust and defending against identity fraud and cyber threats. It also aligns with international best practices to safeguard personal identifiers and ensure a more resilient digital infrastructure for a growing economy.
