The Association of Banks in Singapore has announced a measure to transition towards discontinuing the use of OTP across the board. Starting with users who have already installed the digital token app, within the next three months, they will no longer be able to use OTP. However, for those who have not yet installed the app, the banks will strive to persuade them to install the app going forward.
One-Time Passwords (OTPs) have been a good standard for two-factor authentication. It helps reduce the risk of users being compromised significantly. Nevertheless, malicious actors have adapted their attack methods by employing phishing websites that can deceive victims into entering OTPs to the wrongdoer, or even if using SMS OTP, there is a risk of phone numbers being intercepted. Nowadays, second-factor authentication methods must consider phishing attacks at all times, such as U2F or FIDO, which verify the URL of the website being accessed at all times.
Digital Token allows users to confirm logins or other transactions through the bank’s application. Users merely need to confirm transactions through the application’s screen. The application itself can authenticate the user who authorizes the transaction by fingerprint, facial recognition, or PIN. Users can see the transaction being confirmed, reducing the risk of falling victim to phishing where malicious actors can misuse OTPs for any transaction.
Although the Association of Banks in Singapore has set a deadline for three months ahead, each bank may have different timelines, for example, UOB is scheduled to discontinue OTP usage by the end of July.
TLDR: The Association of Banks in Singapore is moving towards ending OTP usage, starting with users who have the digital token app, and implementing more secure authentication methods to combat phishing attacks.
Leave a Comment