Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore

Enable 2FA and Use Strong Passphrases

Notified of suspicious login attempts? Stop and Check if it's real

Last updated 5 November 2025

Enable Two-Factor Authentication (2FA) where available

Enabling 2FA ensures that if your password is phished or compromised, your account will be protected if the cybercriminal is unable to receive the second factor.

2FA uses more than one type of information to identify who you are to grant you access to your online account. The first factor in 2FA is usually something that you know, such as a password, while the second factor is usually something you have, such as a One-Time Password (OTP) from a digital token or an SMS that is sent to your mobile device. Another form of authentication involves biometrics, which includes fingerprints and face recognition. This second layer of security ensures that even if hackers obtain your password, your account is still protected if they are unable to get hold of the second factor.

2FA is readily available for many of your online accounts, including your email and social media accounts.

Use Strong Passphrases

Cybercriminals can use automated tools to steal your passwords. They can conduct dictionary or brute-force attacks to guess your password by checking it against ‘password dictionaries’, which compile lists of commonly-used passwords and character combinations. The shorter and less complex your password is, the quicker it is for cybercriminals to hack. For example, the password ‘123456’ can be hacked in less than one second.

Passphrases are passwords, but longer and made up of a string of words. Strong passphrases are important for keeping your online accounts and personal information safe from cybercriminals.

How to Create a Strong Passphrase 

A passphrase that is long (with at least 12 characters) and random is harder to guess. Here’s how to create a strong passphrase that you can remember easily.

Step 1: String together five different words that relate to a memory that is unique to you. For example, you may have learnt to ride a bike when you were five years old.

Step 2: Use uppercase and lowercase letters, numbers or symbols to make it even harder to crack. e.g. Learnt2RIDEabikeat5

Do remember not to use personal information such as your name, NRIC or birthdate, or other easily obtainable information such as those found on your social media accounts. Ensure that your passphrase does not have an obvious pattern and is unpredictable. Some examples include:

  • Using commonly-used phrases e.g. maytheforcebewithyou,

  • Capitalising the first letter of the password e.g. Livelongandprosper

  • Adding a number at the end e.g. password1

  • Replacing a letter with a number or symbol e.g. p@ssw0rd

Maintain Good Password Hygiene

It is important that you also take steps to maintain good password hygiene:

  • Use different passwords for each of your online accounts

  • Don’t share your passwords with anyone or write them down

  • Don’t log in to online services over unsecured Wi-Fi networks

  • Don’t reveal your passwords or OTP in response to unsolicited phone calls, emails or messages as it could be a phishing scam

If you believe that your password has been compromised, change it immediately and check your accounts for signs of unauthorised activity.

Use Reputable Password Managers

A password manager is a software application designed to store and manage your passwords.

Using a password manager will only require you to remember the master password that unlocks the password manager, eliminating the need to remember multiple passwords for multiple accounts.

Select a reputable one with 2FA so that even if cyber criminals have the primary password, they will be unable to access your account. Consider product reviews on reputable websites and only download them through official app stores such as the official Play Store (Android) and App Store (iOS).

Remember, even if your passwords are hard to guess with the usage of passphrases, they can still be stolen from an organisation that suffers a data breach.

By enabling 2FA, it can help to keep cybercriminals out of your accounts even if they know your passwords.

Resources

Infographics on how you can strengthen your account security
Infographics on how you can strengthen your account security