Singapore Just Killed the Password — And It's Costing Scammers $40 Million a Year
Singapore Just Killed the Password — And It's Costing Scammers $40 Million a Year
This episode is based on our article:
Read the full article →Singapore Just Killed the Password — And It's Costing Scammers $40 Million a Year
Full Episode Transcript
A password takes about twenty-four seconds to type and check. A passkey does the same job in about eight. And in Singapore, that difference is now costing scammers around forty million dollars a year in stolen money they can no longer grab.
If you've ever typed a password into a login page,
If you've ever typed a password into a login page, this story is about you. Because the thing keeping most of your accounts safe — that string of letters and numbers — is also the thing scammers are built to steal. On July first, Singapore's national digital I.D. system, called Singpass, switched on passkeys for millions of people. That's the login that runs the country's taxes, healthcare, and banking. The government did it as a direct response to phishing scams draining tens of millions of dollars from ordinary people. So how does killing the password actually stop the thief?
Start with what a phishing scam really is. A scammer sends you a fake login page that looks exactly like the real one. You're tired, you're distracted, you type your password. And now they have it. A password is a shared secret — you know it, the website knows it, and anyone who tricks you into typing it knows it too. That's the flaw. It travels, so it can be stolen. This article is part of a series — start with Blocked By A Bot Europe Just Gave You The Right To Demand An.
A passkey works completely differently. Nothing secret ever leaves your device. Instead, your phone answers a one-time challenge from the real website using a private key locked inside the hardware. Here's the part that matters. That key is tied to the genuine web address. So if you land on a fake page, your phone simply won't respond. There's nothing to intercept, and nothing to hand over by mistake.
Now the scale. According to GovTech, Singpass serves about four and a half million active app users every month. They run more than forty million transactions across roughly two thousand seven hundred services. This isn't a small test. It's a whole nation shifting at once. For the rest of us, that's proof that passwordless isn't some future promise — it's already running under a country's real life. Previously in this series: Singapore Singpass Passkeys Phishing Passwordless Login Expl.
The Bottom Line
Singapore made one more deliberate choice. These passkeys are bound to your device. They don't sync up to the cloud like the ones Apple or Google offer on your personal phone. That means if your device is stolen, the government can switch the passkey off. If an account looks compromised, they can revoke access instantly. The trade-off? Less convenience when you switch phones. For a national I.D. holding your health and tax records, that's a trade they were willing to make.
But a passkey isn't a magic shield on its own. It only shuts the door on phishing if the old password login is actually turned off. Leave a password fallback in place, and the scammer just walks through the door you left open. Up next: Liveness Detection Selfie Id Verification Explained.
So here's the whole thing in plain words. Passwords can be stolen because you type them into fake pages. Passkeys can't, because your phone only answers the real website and never sends a secret at all. Singapore just proved a whole country can make that switch — and watch scam money dry up. Whether you file taxes online or just log into your bank, the login you've trusted your whole life is finally being replaced by something a scammer can't copy. The full breakdown's in the show notes if you want the deep dive.
Ready for forensic-grade facial comparison?
Full forensic reports with detailed similarity scoring. Results in seconds.
Run My First SearchMore Episodes
Texas Wants Your ID Before You Download a Recipe App
Picture this. You want to download a recipe app. A free one. Nothing racy, nothing restricted — just chicken dinners and grocery lists. Under a new Texas law, you might have to prove your age first, with a government I.D. or a face scan, befo
PodcastWhy That App Makes You Blink: The Hidden Second Check That Stops Someone Using Your Photo
You've probably done this without thinking twice. You open an app to verify your identity — a bank, maybe a government portal — and it asks you to blink. Or smile. Or turn your head slowly. And somewhere in the back of your mind you think, wh
PodcastBlocked by a Bot? Europe Just Gave You the Right to Demand Answers.
Picture this. You try to log into your own bank account. A face scan pops up. And a computer — not a person — decides you're not you. You're locked out. No explanation. No appeal button. Just, denied. If that's ever happ
