July 15th, 2024

Banks in Singapore to phase out SMS OTP in 3 months

Singapore's major banks are replacing OTPs with digital tokens to combat evolving scams. MAS mandates the shift for enhanced security, urging prompt activation by customers from banks like DBS, OCBC, and UOB.

In Singapore, major retail banks are mandated by the Monetary Authority of Singapore (MAS) to phase out one-time passwords (OTPs) within three months. This decision aims to enhance consumer protection against phishing and scams, considering the evolving tactics of scammers. Instead of OTPs, customers will now use digital tokens activated on their mobile devices for authentication. This shift is a response to the vulnerabilities of OTPs to various attacks, including phishing sites, Android malware, and man-in-the-middle attacks. The move towards digital tokens is seen as a more secure alternative to OTPs, with the MAS urging customers to activate them promptly. The transition to digital tokens is already underway, with a significant percentage of customers from major banks like DBS, OCBC, and UOB already using them. This initiative reflects a proactive approach by Singaporean banks to bolster online security and safeguard customers' financial information.

Related

How MFA is falling short

Multi-factor authentication (MFA) faces challenges from cyber attackers exploiting weaknesses. Breaches despite VPN, SSO, and Google Authenticator usage show risks like phishing, vishing, and Man-In-The-Middle attacks. Recent developments include "Tycoon 2FA" targeting Microsoft 365 and Gmail accounts, emphasizing the need for stronger authentication methods.

Half of Singapore's e-commerce scams happen on WhatsApp, Facebook, or Instagram

Nearly half of Singapore's e-commerce scams in 2023 were on WhatsApp, Facebook, and Instagram. Authorities criticized Meta for insufficient fraud prevention. Singapore faced a surge in scams, with losses totaling $480 million. Measures include the Online Criminal Harms Act and enhanced prevention efforts by Meta and e-commerce firms.

1Password and 2FA: Is it wrong to store passwords and one-time codes together? (2023)

Storing passwords and 2FA codes in 1Password is secure and convenient. The article discusses the debate over using separate authenticator apps for TOTP codes and emphasizes that account security choices depend on individual preferences and risk tolerance.

Selfie-based authentication raises eyebrows among infosec experts

Selfie-based authentication is gaining global momentum, and Vietnam mandates face scans for transactions over $400. Concerns have arisen over leaked Singaporean selfies on the dark web. Experts note increased interest in selfie verification but highlight challenges in data protection and privacy laws. Organizations enhance security with liveness checks, biometric comparisons, and machine learning. Balancing inclusivity and security remains a crucial consideration.

Second Factor SMS: Worse Than Its Reputation

Security researchers accessed 200M 2FA-SMS messages, exposing a flaw in IdentifyMobile's system used by Google, Amazon, and Facebook. CCC recommends more secure authentication methods due to significant risks.

1 comment
By @giuliomagnifico - 6 months
> Singapore bank customers will now use digital tokens instead of OTPs, which they must activate on their mobile devices.