A passkey protects your Singpass account by blocking common attack methods that target traditional passwords and OTPs. Your passkey only works with Singpass logins (singpass.gov.sg) on real government websites and private sector services integrated with Singpass, and requires your device to confirm every login.

Below are some examples of how a passkey can protect your Singpass account:

• Someone tricks you into entering your credentials on a fake website pretending to be Singpass.

  Because the passkey only works with official Singpass logins (singpass.gov.sg), it will not work on fake websites.

• Someone intercepts your OTP or login details.

  Passkey login does not require a password or OTP, so there are no credentials that attackers can steal or reuse.

• Someone tries to log in remotely using stolen credentials.

  The passkey is stored in your Singpass app and tied to your device. Your device must confirm the login using the passkey. When logging in on another device, such as a computer, a proximity check via Bluetooth will also be used to verify the phone is nearby. Without the device that holds the passkey, the login cannot be completed.