‘Unsafe and risky': Singapore orders end to IC number use as authentication in private sector
SINGAPORE, June 26 – Singapore's Ministry of Digital Development and Information (MDDI) has reportedly urged private sector entities to stop using National Registration Identity Card (NRIC) numbers as authentication tools or passwords due to security risks.
In a formal advisory issued today, the Personal Data Protection Commission (PDPC) and the Cyber Security Agency (CSA) advised organisations to cease using NRIC numbers to verify an individual's identity when granting access to personal services or information.
'While organisations may use NRIC numbers to identify who a person is over the phone or when using digital services, NRIC numbers should not be used to prove that a person is who he claims to be ... for the purposes of trying to gain access to services or information meant only for that person,' MDDI said as quoted by CNA.
The ministry highlighted that some organisations still require individuals to use NRIC numbers, sometimes as passwords, to access personal documents such as insurance files.
'It is unsafe for organisations to use NRIC numbers in this manner because a person's NRIC number may be known to others, permitting anyone who knows his NRIC number to impersonate him and easily access his personal data or record,' the ministry said.
MDDI called on organisations to stop using full or partial NRIC numbers for authentication, including setting them as default passwords or combining them with other easily obtainable data like birth dates.
'If it is necessary to authenticate a person, organisations should consider alternative methods, for example requiring the person to use strong passwords, security token or fingerprint identification,' it added.
The government is working with key sectors such as finance, healthcare, and telecommunications to develop tailored guidelines on identity authentication practices.
This comes as Singapore's Minister for Digital Development and Information Josephine Teo said in January that firms using NRIC numbers as authentication or default passwords must end the practice swiftly.
The policy shift came after public backlash in December 2024 over a new Bizfile portal launched by the Accounting and Corporate Regulatory Authority (ACRA), which had exposed names and full NRIC numbers through its search function.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
30 minutes ago
- Yahoo
Can CrowdStrike Stock Keep Moving Higher in 2025?
CrowdStrike's all-in-one Falcon cybersecurity platform is increasingly popular for businesses, and it has a substantial long-term growth runway. However, CrowdStrike stock is trading at a record high following a 40% gain this year, and its valuation is starting to look a little rich. Investors hoping for more upside in 2025 might be left disappointed, but there is still an opportunity here for those with a longer time horizon. 10 stocks we like better than CrowdStrike › CrowdStrike (NASDAQ: CRWD) is one of the world's biggest cybersecurity companies. Its stock has soared 40% year to date, but its current valuation might be a barrier to further upside for the remainder of the year. With that said, investors who are willing to take a longer-term view could still reap significant rewards by owning a slice of CrowdStrike. The company's holistic all-in-one platform is extremely popular with enterprise customers, and its annual recurring revenue (ARR) could more than double over the next six years based on a forecast from management. The cybersecurity industry is quite fragmented, meaning many providers often specialize in single products like cloud security or identity security, so businesses have to use multiple vendors to achieve adequate protection. CrowdStrike is an outlier in that regard because its Falcon platform is a true all-in-one solution that allows its customers to consolidate their entire cybersecurity stack with one vendor. Falcon uses a cloud-based architecture, which means organizations don't need to install software on every computer and device. It also relies heavily on artificial intelligence (AI) to automate threat detection and incident response, so it operates seamlessly in the background and requires minimal intervention, if any, from the average employee. To lighten the workload for cybersecurity managers specifically, CrowdStrike launched a virtual assistant in 2023 called Charlotte AI. It eliminates alert fatigue by autonomously filtering threats, which means human team members only have to focus on legitimate risks to their organization. Charlotte AI is 98% accurate when it comes to triaging threats, and the company says it's saving managers more than 40 hours per week on average right now. Falcon features 30 different modules (products), so businesses can put together a custom cybersecurity solution to suit their needs. At the end of the company's fiscal 2026 first quarter (ended April 30), a record 48% of its customers were using six or more modules, up from 44% in the year-ago period. It launched a new subscription option in 2023 called Flex, which allows businesses to shift their annual contracted spending among different Falcon modules as their needs change. This can save customers substantial amounts of money, and it also entices them to try modules they might not have otherwise used, which can lead to increased spending over the long term. This is driving what management calls "reflexes," which describes Flex customers who rapidly chew through their budgets and come back for more. The company says 39 Flex customers recently exhausted their budgets within the first five months of their 35-month contracts, and each of them came back to expand their spending. It ended the fiscal 2026 first quarter with a record $4.4 billion in ARR, which was up 22% year over year. That growth has slowed over the last few quarters, mainly because of the major Falcon outage on July 19 last year, which crashed 8.5 million customer computers. Management doesn't anticipate any long-term effects from the incident (which I'll discuss further in a moment) because Falcon is so valuable to customers, but the company did offer customer choice packages to affected businesses that included discounted Flex subscriptions. This is dealing a temporary blow to revenue growth. Here's where things get a little sticky for CrowdStrike. Its stock is up over 40% this year and is trading at a record high, but the strong move has pushed its price-to-sales ratio (P/S) up to 29.1 as of June 24. That makes it significantly more expensive than any of its peers in the AI cybersecurity space: This premium valuation might be a barrier to further upside for the rest of this year, and it seems Wall Street agrees. The Wall Street Journal tracks 53 analysts who cover the stock, and their average price target is $481.95, which is slightly under where it's trading now, implying there could be near-term downside. But there could still be an opportunity here for longer-term investors. As I mentioned earlier, management doesn't expect any lingering impacts from the Falcon outage last year because it continues to reiterate its goal to reach $10 billion in ARR by fiscal 2031. That represents potential growth of 127% from the current ARR of $4.4 billion, and if the forecast comes to fruition, it could fuel strong returns for the stock over the next six years. Plus, $10 billion is still a fraction of CrowdStrike's estimated addressable market of $116 billion today -- a figure management expects to more than double to $250 billion over the next few years. So while I don't think there's much upside on the table for CrowdStrike in the remainder of 2025, those who can hold on to it for the next six years and beyond still have a solid investment opportunity. Before you buy stock in CrowdStrike, consider this: The Motley Fool Stock Advisor analyst team just identified what they believe are the for investors to buy now… and CrowdStrike wasn't one of them. The 10 stocks that made the cut could produce monster returns in the coming years. Consider when Netflix made this list on December 17, 2004... if you invested $1,000 at the time of our recommendation, you'd have $687,731!* Or when Nvidia made this list on April 15, 2005... if you invested $1,000 at the time of our recommendation, you'd have $945,846!* Now, it's worth noting Stock Advisor's total average return is 818% — a market-crushing outperformance compared to 175% for the S&P 500. Don't miss out on the latest top 10 list, available when you join . See the 10 stocks » *Stock Advisor returns as of June 23, 2025 Anthony Di Pizio has no position in any of the stocks mentioned. The Motley Fool has positions in and recommends CrowdStrike and Zscaler. The Motley Fool recommends Palo Alto Networks. The Motley Fool has a disclosure policy. Can CrowdStrike Stock Keep Moving Higher in 2025? was originally published by The Motley Fool Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Fast Company
an hour ago
- Fast Company
WhatsApp just got banned on Capitol Hill. Here's how you can make the Meta messaging platform more secure
The U.S. House of Representatives' Chief Administrative Officer (CAO), Catherine Szpindor, informed congressional staffers this week that WhatsApp is now banned from government phones. The move came after the CAO's Office of Cybersecurity deemed the Meta-owned app to be 'high-risk to users'—a claim that WhatsApp quickly rebutted. But the CAO is correct. While WhatsApp is one of the more secure messaging apps out there, it does have some privacy and security risks. Users can mitigate some of these risks, but others are beyond their control. Here's why WhatsApp is now banned in the U.S. House of Representatives and how you can make the app more secure on your phone. What the Office of Cybersecurity said, exactly The news that the CAO's Office of Cybersecurity had announced a ban on WhatsApp this week came from Axios. On Tuesday, the publication published parts of an internal CAO memo it received, which was sent to congressional staffers on Monday, announcing that WhatsApp was now verboten on government phones. The memo stipulated that 'House staff are NOT allowed to download or keep the WhatsApp application on any House device, including any mobile, desktop, or web browser versions of its products.' It went on to add: 'If you have a WhatsApp application on your House-managed device, you will be contacted to remove it.' The reason? According to the memo, 'The Office of Cybersecurity has deemed WhatsApp a high-risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use.' The CAO didn't provide further details in the memo regarding the above risks. Still, it's easy to interpret some of the things that may have made the CAO leery about the continued use of WhatsApp by Congressional staffers. WhatsApp's transparency issue WhatsApp, like competing secure messaging apps including Apple's iMessages and Signal, is end-to-end encrypted, meaning that no parties other than the ones in the chat, even including Meta, can read the chat messages. But WhatsApp collects a lot more metadata from each chat than other secure messaging apps do, and it sends this info to Meta A chat's metadata includes information such as the identities of the chat participants, IP addresses, phone numbers, and the timestamps of messages. No one knows exactly what Meta does with this metadata. Still, it is shared with Meta's other platforms, including Instagram and Facebook. It is likely used to help the company build social graphs of users, leveraged for advertising purposes, and analyzed by the company to understand who is using their apps, and when and where. This opaqueness is likely some of the 'lack of transparency' risk that the CAO was referring to. As for the 'absence of stored data encryption,' the CAO may have been referring to the default method by which WhatsApp backs up a user's chats. While WhatsApp chats are end-to-end encrypted, if a user backs up those chats to the cloud, the backup itself is not end-to-end encrypted by default. This means that if a bad actor gains access to a WhatsApp user's cloud backup, they could read all of that user's messages. It's no wonder the CAO's Office of Cybersecurity finds this worrying. WhatsApp also doesn't have other privacy and security features on by default, including the ability to lock the app behind biometrics and requiring two-step verification when a WhatsApp account is installed on another phone. If you don't work in the House of Representatives, you can still keep WhatsApp on your phone. But you might want to mitigate its privacy and security risks. Here's how. How to make WhatsApp more secure on your phone Unfortunately, there's nothing you can do about WhatsApp's metadata problem. Meta designs WhatsApp so that the metadata of your chats is sent directly to the company. There's no way you can turn this data collection off. But you can make the app more secure on your phone by following some simple steps, including: End-to-end encrypt your WhatsApp backups: In WhatsApp, go to Settings>Chats>Chat Backup>End-to-End Encrypted Backup and turn this option on. Now your chat backups saved in the cloud will be end-to-end encrypted. Lock WhatsApp: You can set WhatsApp to refuse to open without further authentication by locking the app. This means that even if someone has access to your unlocked phone, they won't be able to open WhatsApp unless they know your phone's PIN, or have your face or fingerprint. To lock WhatsApp, go to WhatsApp's Settings>Privacy>App Lock and toggle the feature on. Enable two-step verification: If someone logs into your WhatsApp account on their phone, they'll be able to see your messages. That's why you should set up two-step verification for your account. This will require a PIN that you set to be entered whenever an attempt is made to log into your WhatsApp account on a new device. If the PIN isn't entered correctly, the new device won't have access to your account. To enable two-step verification, go to WhatsApp's Settings>Account>Two-Step Verification and toggle the feature on. Apps the CAO suggests using instead When reached for comment on the CAO's decision to ban WhatsApp, the organization's chief administrative officer, Catherine Szpindor, told Fast Company, 'Protecting the People's House is our topmost priority, and we are always monitoring and analyzing for potential cybersecurity risks that could endanger the data of House Members and staff. We routinely review the list of House-authorized apps and will amend the list as deemed appropriate.' In the past, the CAO has banned or imposed partial bans on various foreign apps, including those from ByteDance, such as TikTok. But the CAO has also previously announced bans or restrictions on apps made by American companies, including Microsoft Copilot and the free versions of ChatGPT. As for Meta, a company spokesperson told Fast Company that it disagrees with the CAO's characterization of WhatsApp 'in the strongest possible terms.' The spokesperson also asserted that, when it comes to end-to-end encryption, WhatsApp offers 'a higher level of security than most of the apps on the CAO's approved list that do not offer that protection.' In the Office of Cybersecurity's memo, the agency provided guidance on alternative secure messaging apps that House staffers could use now that WhatsApp had been banned. According to Axios, those apps include Apple's iMessage and FaceTime, Microsoft Teams, Wickr, and Signal.
Yahoo
an hour ago
- Yahoo
BMO Raises SailPoint (SAIL) Price Target, Maintains Outperform Rating
SailPoint, Inc.(NASDAQ:SAIL) is one of . BMO Capital has raised its price target on SailPoint, Inc.(NASDAQ:SAIL) to $27 from $26, maintaining an Outperform rating following the company's stronger-than-expected first-quarter results. The firm noted that SailPoint delivered upside across all key top-line metrics, reflecting solid execution and continued demand for its identity security solutions. Despite the beat, management raised its full-year 2026 annual recurring revenue (ARR) guidance by a slightly smaller margin than the quarterly outperformance. A cybersecurity expert monitoring the security of the company's assets, emphasizing the importance of data protection. Still, BMO views the updated outlook as a sign of confidence and disciplined forecasting. The firm emphasized that SailPoint remains well-positioned to capture long-term growth, particularly as enterprises expand their digital environments and adopt more complex identity frameworks. A growing area of interest, according to BMO, is SailPoint's role in addressing security for machine identities and AI-driven agents—a trend expected to gain momentum in coming years. As businesses deploy artificial intelligence to automate processes, the need to secure non-human access points will become critical. SailPoint's platform, which already supports complex identity governance at scale, is considered one of the few capable of meeting this evolving demand. BMO's upward price target revision reflects its view that SailPoint, Inc.(NASDAQ:SAIL) is emerging as a key player in the future of identity security. With strong fundamentals and a clear strategic roadmap, the firm believes SailPoint is well situated to benefit from increased enterprise focus on secure, intelligent access control. While we acknowledge the potential of SAIL to grow, our conviction lies in the belief that some AI stocks hold greater promise for delivering higher returns and have limited downside risk. If you are looking for an AI stock that is more promising than SAIL and that has 100x upside potential, check out our report about this cheapest AI NEXT: 10 Best Small Cap Tech Stocks With Biggest Upside Potential and . Disclosure: None.
