CaraComp
CaraComp
Forensic-Grade AI Face Recognition for:
Get Started7-day refund guarantee**
Podcast

Singapore Just Killed the Password — And It's Costing Scammers $40 Million a Year

Singapore Just Killed the Password — And It's Costing Scammers $40 Million a Year

Singapore Just Killed the Password — And It's Costing Scammers $40 Million a Year

0:00-0:00

This episode is based on our article:

Read the full article →

Singapore Just Killed the Password — And It's Costing Scammers $40 Million a Year

Full Episode Transcript


A password takes about twenty-four seconds to type and check. A passkey does the same job in about eight. And in Singapore, that difference is now costing scammers around forty million dollars a year in stolen money they can no longer grab.


Trusted by Investigators Worldwide
Run Forensic-Grade Comparisons in Seconds
Court-ready facial comparison reports. Results in seconds.
Get Started
7-day refund guarantee**
🎆 July 4th Sale: 50% OFF your first month — use code JULY426 at checkout · ends July 11

If you've ever typed a password into a login page,

If you've ever typed a password into a login page, this story is about you. Because the thing keeping most of your accounts safe — that string of letters and numbers — is also the thing scammers are built to steal. On July first, Singapore's national digital I.D. system, called Singpass, switched on passkeys for millions of people. That's the login that runs the country's taxes, healthcare, and banking. The government did it as a direct response to phishing scams draining tens of millions of dollars from ordinary people. So how does killing the password actually stop the thief?

Start with what a phishing scam really is. A scammer sends you a fake login page that looks exactly like the real one. You're tired, you're distracted, you type your password. And now they have it. A password is a shared secret — you know it, the website knows it, and anyone who tricks you into typing it knows it too. That's the flaw. It travels, so it can be stolen. This article is part of a series — start with Blocked By A Bot Europe Just Gave You The Right To Demand An.

A passkey works completely differently. Nothing secret ever leaves your device. Instead, your phone answers a one-time challenge from the real website using a private key locked inside the hardware. Here's the part that matters. That key is tied to the genuine web address. So if you land on a fake page, your phone simply won't respond. There's nothing to intercept, and nothing to hand over by mistake.

Now the scale. According to GovTech, Singpass serves about four and a half million active app users every month. They run more than forty million transactions across roughly two thousand seven hundred services. This isn't a small test. It's a whole nation shifting at once. For the rest of us, that's proof that passwordless isn't some future promise — it's already running under a country's real life. Previously in this series: Singapore Singpass Passkeys Phishing Passwordless Login Expl.


The Bottom Line

Singapore made one more deliberate choice. These passkeys are bound to your device. They don't sync up to the cloud like the ones Apple or Google offer on your personal phone. That means if your device is stolen, the government can switch the passkey off. If an account looks compromised, they can revoke access instantly. The trade-off? Less convenience when you switch phones. For a national I.D. holding your health and tax records, that's a trade they were willing to make.

But a passkey isn't a magic shield on its own. It only shuts the door on phishing if the old password login is actually turned off. Leave a password fallback in place, and the scammer just walks through the door you left open. Up next: Liveness Detection Selfie Id Verification Explained.

So here's the whole thing in plain words. Passwords can be stolen because you type them into fake pages. Passkeys can't, because your phone only answers the real website and never sends a secret at all. Singapore just proved a whole country can make that switch — and watch scam money dry up. Whether you file taxes online or just log into your bank, the login you've trusted your whole life is finally being replaced by something a scammer can't copy. The full breakdown's in the show notes if you want the deep dive.

Ready for forensic-grade facial comparison?

Full forensic reports with detailed similarity scoring. Results in seconds.

Run My First Search