501 views
Photo from Freepik.

The role passwordless plays in securing Singapore’s digital future

By Jasie Fon

The password had a good run, but its time is up. 

Singapore's rapidly developing digital economy and widespread adoption of innovative technologies make it a prime target for cybercriminals. In 2024, the city-state suffered 20% of all cyberattacks in Southeast Asia.

One reason for this is password management. Whilst passwords are structurally built into online safety, they were never intended to scale with the complexity of modern digital ecosystems. Globally, passwords are responsible for over 80% of data breaches and present significant risks as they are susceptible to phishing, harvesting, and replay attacks.

Despite well-known flaws, their continued use illustrates just how deeply we have normalised a broken system.

Weak or reused passwords make it easier for cyber criminals to breach accounts, leading to identity theft and financial losses. With escalating digital attacks and the weaponisation of artificial intelligence (AI), traditional passwords are now the weakest link in the security chain.

It is projected that by 2027, AI agents — AI-powered software systems that can process text, voice, video, audio, code, and more simultaneously and autonomously to converse, reason, learn, adapt, and make decisions — will halve the time it takes to exploit account exposures.

Why use passwordless authentication?
An alternative to this is passwordless authentication. By eliminating passwords and cumbersome security questions, passwordless authentication redefines trust in the digital era.

Through biometrics, certificates, one-time codes or hardware tokens, organisations can minimise friction to access without compromising security.

And where it has been implemented, the data overwhelmingly shows that passwordless authentication is more aligned with the realities of today's cyber landscape. A report showed that 28% of global consumers prefer biometrics for logging in, ranking it as the top choice over other methods like complex passwords (17%) or one-time passcodes (13%).

These benefits have underpinned the rationale for passwordless authentication in the Singpass system, for instance, which acts as a digital identity for Singaporeans to safely access government and commercial sector services.

Charting a passwordless future
Although "going passwordless" is a newer approach, it increasingly aligns with international regulatory standards. In some cases, passwordless solutions even exceed compliance standards, particularly in sectors that prioritise data protection and user privacy.

In addition to biometrics, some of the more popular passwordless authentication methods already being used include Multi-Factor Authentication (MFA), which requires users to verify their identity through multiple forms of authentication such as a personal mobile device.

FIDO2 is another method, providing secure, passwordless authentication through public-key cryptography. QR-based authentication requires the user to scan a unique code on their device to log in, adding an extra layer of security without needing passwords.

A magic link is an email or message that allows users to log in directly by clicking the link, bypassing the need for a password. Passkeys are cryptographic keys stored on the user’s device, enabling seamless authentication without a password.

Finally, Yubikeys are physical security keys that users plug into their devices for authentication, offering strong, passwordless access with an added layer of physical security.

Going passwordless isn’t as scary as it seems
As with any shift in technology, questions remain about timing, complexity, cost, and readiness. Because of this, some organisations are understandably hesitant to adopt passwordless authentication. Some of the more popular misconceptions include:

It’s too early to make the shift
The truth is that adoption is already underway. Microsoft, Apple, and a growing number of enterprises have rolled out passkeys or other passwordless methods across ecosystems used by millions.

It’s going to add too much complexity
The real question is where the complexity lies: in the user’s hands or in your infrastructure. Understanding that trade-off is essential when planning any passwordless initiative.

It’s too expensive to justify
Whilst upfront implementation of passwordless systems can require investment, the long-term cost equation tells a different story. For customer-facing platforms, the stakes are even higher: A forgotten password can derail a purchase, hurt conversion rates or drive churn.

Choose the right fit
The password had a good run, but its time is up. A future built on trust, security, and frictionless authentication is not only possible, it’s already underway. Instead of following tradition and changing an already vulnerable password, let’s take a bolder step.

Let's celebrate passwords for what they have helped us achieve in cybersecurity, recognise their obsolescence, and chart a course towards a bold, new passwordless future.

Join Singapore Business Review community
A NOTE FROM SINGAPORE BUSINESS REVIEW

If you've been wondering whether SBR could work for your company — yes, probably.

A lot of the companies we partner with started as readers. They'd been following our coverage for a while, saw their own customers and competitors in it, and eventually asked the obvious question: could we do something with you? The answer is usually yes. The shape of it depends on what you're trying to do.


The options are broader than most people assume — thought leadership articles, sponsored content, industry summits across Southeast Asia, regional awards programmes, podcasts, and media placements in print and digital. Some partners use one channel; most use a mix. We figure out the right combination by starting with your brief, not with our rate card.


So if the question has been on your mind, here's the easy way to ask it.

We'll tell you honestly whether we can help, and how. It's a better use of everyone's time.