Branded
Why are govt agencies moving away from using partial NRIC numbers?
It’s because partial NRIC numbers are not reliable in telling you apart from others accurately.
Government agencies will progressively move away from using partial NRIC numbers.
Here’s why – and what you need to know.
Why move away from partial NRIC numbers?
Some of you may be wondering: Isn’t it enough to just use the last few characters of my NRIC number?
Well, it’s not really enough because each partial NRIC number can be shared by multiple individuals.
There are also instances where two people share both the same name and partial NRIC number.
That’s why the Government will stop using partial NRIC numbers, as they are insufficient and unreliable in telling you apart from others accurately.
When will full NRIC numbers be used?
In situations where it is necessary to tell you apart from others accurately, your full NRIC number will be used.
But in situations where it is not necessary to do so, the government will stop using NRIC numbers completely.
Is it safe to use my NRIC number as a password?
Since you need to provide your NRIC number in some situations, you are not the only one who knows it.
Hence, it is not safe to use your NRIC number as a password.
Mixing your partial NRIC number with other personal details such as your birth date? That’s not safe too.
A strong password should be something that only you know, and is difficult for others to guess.
Stopping the use of NRIC numbers as default passwords
This is why the government is working with organisations to stop using NRIC numbers as default passwords to grant access to e-documents or services intended only for you.
The government has made targeted moves to end this practice in the telecommunications, finance and insurance, and healthcare sectors, including by issuing specific regulatory guidance.
From Jan. 1, 2027, the Personal Data Protection Commission (PDPC) will step up enforcement action against private sector organisations that use NRIC numbers for authentication.
This will include issuing directions or imposing financial penalties.
So what should organisations use to grant you access to e-documents or services?
Organisations should use secure methods such as:
- Allowing users to set up a strong password (something only you know).
- Using biometric authentication like fingerprint or face verification (something only you have).
- Using a security token (something only you own).
You can protect yourself online by:
- Setting a strong password, such as a passphrase made up of a series of random words that is hard to crack but easy for you to remember (e.g. LearnttoRIDEabikeat5)
- Enabling two-factor authentication, or 2FA, for added security
So, if you’re still using your NRIC number as a password, change it to a strong password today and set up 2FA for added peace of mind.
If you suspect any improper use of NRIC numbers by private organisations, you can clarify with the organisation directly, or report them to the PDPC here.
This branded article, brought to you by the Ministry of Digital Development and Information, reminded the writer to think of stronger passwords.
Top image from Mothership.
