- Assurity Trusted Solutions partners V-Key to roll out a new, cutting-edge authentication solution, marrying security and convenience in one app for mobile users
- This marks the first time a mobile software authentication solution is made available under a national framework in Singapore
Singapore, 14 February 2017 – Assurity Trusted Solutions (Assurity) have inked a collaboration with V-Key, a global leader in digital mobile security and accredited by the Infocomm Media Development Authority (IMDA), to deliver an innovative form of authentication via V-Key’s mobile soft token application called V-Tap.
V-Tap will provide a new level of security and convenience for consumers who use commercial online services delivered through Assurity’s National Authentication Framework (NAF). This includes securities trading firms, banks and insurance companies. The mobile soft token will be offered in addition to Assurity’s hardware and SMS authentication solutions.
Users will simply download the new V-Tap enabled OneKey mobile app onto their mobile device and enrol with a registration code. This effectively binds their identity to their mobile device after which they can authenticate themselves and authorise transactions by means of the soft token.
Charles Fan, Chief Executive Officer of Assurity said: “With cyber threats becoming more sophisticated and the increasing number of people accessing their online accounts via mobile applications, there is a need to outpace these threats and provide end-users with a highly secure and yet convenient authentication option. The launch of this new soft token solution underscores our commitment to constantly seek safe and innovative solutions that cater to consumers’ security and lifestyle needs, such as enabling quick access to multiple online services with the use of a single authentication device.”
The software token from V-Key, also deployed by top banks in Singapore, combines the security of hardware tokens with the convenience of SMS-based One-time Password (OTPs). Unlike SMS-based OTPs however, soft token-based OTPs are able to work offline and do not require mobile network connections, eliminating latency and delivery issues.
V-Tap is built on top of V-OS, V-Key’s pioneering virtual secure element, which equals or betters smart chip security specifications and offers robust protection for the Assurity application including multi-layered protection against advanced threats targeting mobile applications. This means the protocols for verification of the user’s identity are as secure as those for services that require strong authentication such as financial transactions. By deploying V-Key’s solution, which works on both iOS and Android devices, Assurity adds another layer of security for smartphone users who seek to protect all their online transactions on-the-go conveniently, with one application.
Benjamin Mah, Chief Executive Officer of V-Key said: “We are meeting the demands for heightened mobile security in Singapore’s Smart Nation drive. The new authentication solution exemplifies a global standard of convenient security in software, as it will allow users to access online services safely and securely, from any location. This authentication solution enables the end-user to log into e-services almost instantaneously.”
“V-Key’s solutions are heralding a new phase in security by providing a deep security layer around the app itself. With the smartphone rapidly becoming a primary channel for organisations and consumers alike, the need to secure the mobile apps has become more important,” says Edwin Low, Director of Accreditation@IMDA.
Besides being a layer of convenient security, the soft token authentication solution can also be easily migrated to a new mobile device in case of loss, or change of the device. In such circumstances, if a person loses or replaces their phone they should contact their service provider to reactivate the application on their new phone. Reactivation will deactivate the old application on their previous phone and is a secure yet easy process. Compared to a hard token limited by its battery life, a soft token app can be upgraded over time and requires next to no maintenance and very little cost.
Assurity will start implementing the new soft token solution by the end of February. The company is in talks with its customers to implement this new authentication solution.
- Novel two-factor authentication solution aims at boosting security of electronic statementsTuesday, 9 June 2015, Singapore.
Companies can now use the OneKey two-factor authentication (2FA) token to enhance the security of their electronic statements for intended recipients. This was announced today by Toppan Forms and Assurity Trusted Solutions (Assurity) at the launch of the novel 2FA solution.
Mr Charles Fan, Chief Executive Officer of Assurity says, "Password-protected e-statements are increasingly gaining traction among companies. However, static passwords are not enough to prevent cyber access attacks. OneKey offers the solution of a time-based One-Time Password (OTP) that is more secure than a static password and that can foil such attacks."
Ms Caroline Wong, General Manager, Sales and Marketing, Toppan Forms says, “As more companies go paperless, there is a corresponding demand for secure e-statement solutions to protect the flow of information. Now recipients of e-statements, also known as push e-statements, can use the OneKey token to generate a OTP to unlock the statements. The sender will in turn be notified when the recipient unlocks the statement."OneKey, many service providers
Since its launch in December 2011, the OneKey token has been deployed by service providers in the private and public sectors. Mr Fan says the token is "a key offering in a spectrum of 2FA solutions that Assurity offers."
Mr Fan says, "As a security solutions company, Assurity serves the diverse needs of service providers ranging from SMEs to large corporations from different industry sectors such as finance, government, insurance and healthcare. Our unique value proposition is that end users can use the same token to access the online services of multiple service providers. Our diverse 2FA solutions, including SMS OTP and our pipeline software token, can also be deployed for creative uses beyond the conventional login, such as unlocking e-statements in this instance."
Monday, 18 August 2014.
Assurity Trusted Solutions (Assurity), a wholly owned subsidiary of the InfoComm Development Authority of Singapore (IDA), announced today the appointment of Charles Fan (范雨顺) as Chief Executive Officer. Mr Fan brings to Assurity over 30 years of IT services experience. Mr Fan will spearhead initiatives to enhance Assurity's market leadership position in Two-Factor Authentication (2FA) solutions for private sector companies and government agencies. He will also execute its technology roadmap and accelerate the company's next phase of growth as it capitalises on its robust security infrastructure and critical mass of 600,000 registered resident OneKey users to bring new service providers on board the National Authentication Framework (NAF).
Mr Fan says, “Assurity is in an exciting phase of growth having crossed the critical threshold of 600,000 registered OneKey users in Singapore. The rising trend of data security breaches makes it imperative for private sector companies and government agencies to deploy 2FA as an added layer of security. They can leverage Assurity's robust security infrastructure and range of customised 2FA solutions to protect their end users.”
Mr Fan began his career at Hewlett Packard as a Programmer Analyst in 1983 and rose through the ranks to become Vice President (Account Executive), HP Enterprise Services Group. During his 24-year career at HP, Charles worked in a wide range of roles, from managing HP’s internal IT infrastructure to leading a global team of delivery professionals for its Enterprise Services business.
From 2007 to 2010, Mr Fan was the CEO of OPUS IT Services Pte Ltd. During his tenure, the company was named an Enterprise 50 SME company in 2008 and rapidly gained a reputation for excellence in IT Services. At the same time, Mr Fan was actively involved as a council member in Singapore IT Federation (SiTF), especially in its Best Sourcing chapter.
Prior to his current appointment at Assurity, Mr Fan was Director of Services Delivery responsible for delivery excellence for IBM’s Strategic Outsourcing customers in ASEAN.
Mr Fan is a member of the School Management Committee for the Canossian School of the Hearing Impaired.
Mr Chai Chin Loon will remain as Chief Operating Officer and will oversee Assurity's day-to-day operations, technology risk management and public education initiatives.
Wednesday, 2 April 2014.
National Trades Union Congress (NTUC) members, who are Singaporeans and Permanent Residents, will enjoy greater convenience and secured access to its membership portal (NTUC U Portal) when NTUC rolls out the OneKey Two-Factor Authentication (2FA) device to them as part of a mass registration exercise.
Starting from April 2014, eligble NTUC members will receive their OneKey devices by mail. Members who receive their OneKey device will receive their PIN Mailer password in a separate mail, within five working days. Members are encouraged to activate their OneKey devices with their PIN within 30 days and link it to NTUC U Portal.
Amid the rising trend of cyber attacks worldwide that have resulted in passwords being stolen en masse, most service providers require their users to change their passwords every three to six months. In addition, passwords are getting more complex with strict requirements that state passwords need to contain at least eight characters, one uppercase letter, a lowercase letter, numbers and special characters. All these factors have resulted in some users forgetting their passwords frequently, and abandoning the use of e-Services.
Dr Kwong Yuk Wah, Chief Information Officer, NTUC said, “Online security is very important to everyone. Although passwords act as the first line of defence, they are subjected to hacking and can be very vulnerable. With NTUC leveraging on the National Authentication Framework (NAF) and adopting OneKey to be the password mechanism for online services, we remove the hassle for members having to create and remember a complex password. At the same time, we also play a part to strengthen our infocomm security defence for passwords from being compromised by cyber threats.”
The news has been welcomed by NTUC members. Ms Edna Low, an NTUC member for over 14 years, said, "I’m very happy to know that NTUC is using OneKey as it makes it easier for me to login for transactions without having to remember another password. I often forget what passwords I have created for various online platforms and I have to keep asking for new passwords because of infrequent use."
Upon successful registration, members will be able to access a myriad of e-Services, which include checking of LinkPoints, applying for training grants, booking of holiday facilities, registering for NTUC events, as well as updating their personal information, on the NTUC U Portal using the device. The same device can be used to access the online services of all the 15 Service Providers currently on board the NAF, including NTUC U Portal, NTUC Income, RHB Bank and CIMB Securities. Members can log on to http://www.onekey.sg/your-onekey/sp-list.html for the complete list of participating Service Providers.
Welcoming NTUC on board the NAF, Mr Chai Chin Loon, Chief Operating Officer, Assurity Trusted Solutions (Assurity) said, “NTUC's innovative use of OneKey shows that user convenience can go hand in hand with online security. Our past surveys have revealed that Singaporeans find it challenging to create and remember unique, complex passwords for different online accounts. As a result, they often use the same password for all their online accounts, thus creating a single point of failure which hackers can easily exploit. Using OneKey at login removes the need to create and remember different passwords while providing an additional layer of security”.
Members can email email@example.com or call the OneKey Customer Care Centre at (65) 6566 3539 (OKONEKEY) for assistance, whenever they face difficulties using the OneKey.
This exercise is expected to be completed by end June 2014.
Monday, 10 Mar 2014.
Assurity Trusted Solutions (Assurity), a wholly owned subsidiary of the Infocomm Development Authority of Singapore (IDA), announced today the launch of the universal OneKey two-factor authentication (2FA) device for visually impaired individuals. The device was developed in consultation with the Singapore Association of the Visually Handicapped (SAVH).
Mr Michael Tan, Executive Director of SAVH said, “The launch of OneKey for the visually impaired is most timely as more visually impaired individuals in Singapore go online for their financial transactions, such as online banking and online securities trading. Amid the rising trend of online fraud and identity theft, it is important for visually impaired individuals to protect their online transactions with 2FA, so they can enjoy the convenience of transacting online without compromising on their security.”
Mr Chai Chin Loon, Chief Operating Officer of Assurity said the device incorporates the same three important authentication functions currently deployed in OneKey Pad, namely, One-Time Password (OTP), Challenge Response and Transaction Signing. He said, “The device has an inbuilt text-to-voice function that reads back the OTP and other authentication information to the user. The device serial number is also embossed in Braille for the convenience of visually impaired end users.”
Mr Tan hopes that all online service providers requiring 2FA would join the National Authentication Framework (NAF) and adopt the device so as to “reduce the device load on visually impaired individuals.”
He said, “As devices for visually impaired individuals are larger and heavier compared to conventional keypad tokens, we hope all online service providers, including the banks, will deploy the universal OneKey device so that their visually impaired customers need only carry one device for all their online transactions.”
Registration for OneKey for visually impaired individuals
Visually impaired individuals can register for the device via the SAVH, NAF-enabled online service providers or the OneKey Customer Care Centre. To register via the SAVH and the OneKey Customer Care Centre, they would need to provide their NRIC details, SAVH ID Card details and/or a letter/certificate of visual impairment from their doctors. The first OneKey is free for Singaporeans and Permanent Residents.
More information can be found at http://www.onekey.sg.
- Strategic collaboration with Assurity Trusted Solutions aims at boosting security of electronic statements
Wednesday, 5 February 2014.
As more private and public sector companies turn to paperless statements to reduce printing and mailing costs, and minimise their impact on the environment, Toppan Forms has teamed up with Assurity Trusted Solutions (Assurity) to launch Singapore's first two-factor authentication (2FA) solution for push electronic statements. The innovative solution will leverage Assurity's OneKey 2FA device to enable recipients to “unlock” their e-statements securely and conveniently.
Ms Caroline Wong, General Manager, Sales and Marketing, Toppan Forms, says, “The conventional model requires end users to log into their service provider's portal to view their e-statements. End users may forget to do so since the e-statements are not sent directly to their designated email boxes, which may in turn lead to disputes between them and their service providers.
“With our new solution, end users receive the e-statements directly in their email boxes. They have to key in a One-Time Password (OTP) generated by their OneKey to unlock their e-statements. The act of unlocking using a 2FA device and OTP that is unique to them constitutes an acknowledgement of receipt,” says Ms Wong.
Passwords alone not secure enough
Amid the global rising trend of identity theft and online fraud, and in the wake of the recent hacking incidents in Singapore, relying on passwords alone is not secure enough. Mr Chai Chin Loon, Chief Operating Officer of Assurity says Toppan Forms' innovative use of OneKey will help “enhance the security of push e-statements.”
Chin Loon says, “Toppan Forms' new solution is innovative as it is the first 2FA-enabled solution for push e-statements in Singapore. End users receive the e-statements directly in their designated email boxes, which they can then unlock securely using the OTP generated by their OneKey device. Currently e-statements that are sent to the recipient's designated email box are accessible either without a password or with a static password. If the recipient's email account is hacked, the e-statements' passwords (if any) can be easily hacked, and the recipient's personal and financial information stolen.
“In contrast to static passwords, OTPs are not vulnerable to replay attacks. Even if the cyber intruder manages to record an OTP that was already used to log into the recipient's e-statement, he/she would not be able to abuse it since it will no longer be valid,” says Chin Loon.
This innovative solution can be used by existing service providers who have subscribed to the nationwide 2FA system and whose customers are currently using OneKey, and also by public and private sector companies looking for a secure, 2FA-enabled solution for their e-statements.
Monday, 16 December 2013.
As most Singaporeans plan for their overseas trips over Christmas and Chinese New Year, Assurity Trusted Solutions (Assurity) would like to remind them to activate two-factor authentication (2FA) for a cyber crime-free holiday.
Mr Chai Chin Loon, Chief Operating Officer of Assurity says, “Usernames and passwords are the first line of defence against cyber crime. Unfortunately, most people do not change their passwords regularly and do not have unique, complex passwords for their different online accounts. This makes their accounts vulnerable to hacking.
"2FA adds a second layer of defence against online fraud and identity theft. Passwords alone are not enough. Activate 2FA for your personal email, social networking and important financial accounts for peace of mind whether you are in Singapore or travelling overseas," says Chin Loon.
Quick tips to stay cyber-crime free this festive seasonHere are some quick tips from Assurity to stay cyber-crime free this festive season:
Surf onto www.onekey.sg or www.facebook.com/okonekey for more cyber security and 2FA tips and updates.
- Most prefer convenience of one universal device
Wednesday, 18 September 2013.
A survey of 500 local users' Two-Factor Authentication (2FA) knowledge and practices has shown that at least one in three local users owns a 2FA device – and the user base is set to grow, according to Assurity Trusted Solutions (Assurity), the first operator of the nationwide 2FA system.
Commenting on the survey results, Chai Chin Loon, Chief Operating Officer of Assurity said, “This is the first time we have figures on the prevalence of 2FA device in Singapore. The use of 2FA devices can be traced back to when banks first made 2FA compulsory at login. Securities trading firms started issuing OneKey in November 2012. The user base for 2FA devices has expanded and is likely to continue to expand as more local users transact online. In addition, as people become more aware of the rising threat of identity theft and online fraud, the use of 2FA will increase.
“The survey has also given us useful information on the concerns of current users. This will help us strike a careful balance between meeting their need for convenience and creating a secure online environment, as the technology evolves,” he said.One user, too many devices
Among respondents with 2FA devices, the majority owned two devices each (about 23 percent), followed by one device (about 20 percent), four devices (about 14 percent), three devices (about 12 percent), five devices (about five percent), six devices (about four percent) and seven devices (about two percent). One respondent had eight devices. For respondents who owned two or more devices, 43 percent indicated that their main concern was carrying too many devices – they would prefer to use just one universal device.
98 percent of the transactions relate to online banking for respondents with more than 2 devices and who carried out weekly online transactions. When asked which category of service providers they would most like to see using OneKey, about 50 percent of the respondents cited banks.
Chin Loon said, “Using 2FA devices to authenticate online banking transactions has become the norm in Singapore. However, the main concern among current users is they are saddled with too many devices. OneKey is the only universal device in Singapore that can authenticate online transactions across different industries. We will approach service providers with the survey results to show them what users want, and encourage them to offer OneKey for the convenience and enhanced security of their end users.”
Currently, there are over 60,000 OneKey users who carried out more than 300,000 2FA transactions a month, and enjoy the convenience and security of using their OneKey with multiple OneKey service providers such as securities trading firms, banks and NTUC Income. More than 3,000 users are already using OneKey with multiple service providers.
“As more service providers join the nationwide 2FA system, users will progressively use their OneKey for multiple e-services. “Chin Loon said.- Ends -
Note to Editors
Partnership with Assurity makes NTUC Income the first insurer to adopt OneKey and proactively protect customers against evolving security threats>
Singapore, 6 March 2013 – NTUC Income, a leading Singapore insurer, and Assurity, the first authentication operator under the National Authentication Framework, announced an agreement to further embed security into the Singapore insurer’s online customer service system. This latest technology initiative is an effort to further safeguard policyholder information that is exchanged in the course of customers’ online transactions.
Today's announcement makes NTUC Income the first insurer in Singapore to adopt OneKey, Assurity’s nationwide two-factor authentication device for users of online services across different sectors. It builds on NTUC Income’s proactive security enhancing measures over the last few years aimed at protecting customers against evolving security threats.
NTUC Income has invited all its customers to register for the service. Current OneKey users can link their device to NTUC Income through their me@income accounts for immediate use.
“As a financial institution where trust is paramount, NTUC Income is committed to continually boosting our secure-by-design IT infrastructure,” said Mr Siow Wee Loong, Chief Operations Officer, NTUC Income. “Through our adoption of OneKey, we are giving our policyholders the confidence that their personal and policies information is secure amidst a landscape of ever-changing cyber-security threats."
Mr Siow added, “Online insurance transactions are an important part of transforming the insurance industry and enhancing customer service to policyholders. OneKey enables secure access to policyholder information and records, helping policyholders to keep track of their insurance portfolios.”OneKey Registration
To register for OneKey, NTUC Income policyholders can go to www.income.com.sg/securedaccess. They can also visit Assurity’s website to watch a series of “how-to” videos (http://www.onekey.sg/your-onekey/register.html) or call its 24-hour hotline 65-65663539 (OKONEKEY). Policyholders who are Singaporeans or permanent residents can log in to their me@income accounts and request for this security device at no charge. Foreigners with FIN identity cards will have to register at the OneKey Customer Care Centre at International Plaza for a fee.
- Student education outreach at Temasek Polytechnic to raise cyber security awareness
Tuesday, 15 January 2013.
As most Singaporeans plan for their overseas trips over Chinese New Year, Assurity Trusted Solutions (Assurity) would like to remind them to return to basics and secure their passwords for a cyber crime-free holiday.
Mr Chai Chin Loon, Chief Operating Officer of Assurity says, “Usernames and passwords are the first line of defence against cyber crime. Unfortunately, most people have a simple, universal password instead of unique, complex passwords for their different accounts. This makes their accounts (email, online banking, online securities trading etc.) vulnerable to hacking.”
To raise awareness of the importance of using unique, complex passwords and changing one's passwords regularly, Assurity has teamed up with the School of Informatics & IT from Temasek Polytechnic to host a cyber security exhibition on their campus from 21 to 22 Jan 13. Students and the public can look forward to educational pamphlets, interactive cyber security games and lucky-draw redemptions. At the same time, there will also be information on the OneKey two-factor authentication (2FA) device.
Chin Loon says, “2FA forms an important second line of defence against identity theft and online fraud. Most Singaporeans have received their new keypad tokens with transaction signing function to authenticate their online banking and securities trading transactions. However, we have received feedback of confusion over the different functions of the keypad tokens, especially transactions signing. At the exhibition, we will demonstrate the use of transaction signing, and reinforce the message of transaction signing being a key defence against Man-in-the-Middle attacks.”
For tips on creating unique, complex passwords, log on to http://www.onekey.sg/fun-with-onekey/events.html or see Appendix.Appendix
Here are some ideas on what makes a weak password:
Look upon it as a game when you are creating a password, so you won’t find it to be a chore to do so. Challenge yourself on creating a strong password. The challenge also includes not making it impossible for you to remember!Here are some ideas on what makes a strong password:
Passwords provide the first line of defence against unauthorised access to your computer. This responsibility can truly lie only in our own hands.
- OneKey first in world to authenticate online transactions across different industries
Thursday, 15 November 2012, Singapore.
RHB Bank today announced the successful integration of its security framework with the national two-factor (2FA) authentication system. This makes RHB Bank the first bank in Singapore to deploy the OneKey two-factor authentication (2FA) device to protect its consumers' online transactions. For the first time, Singaporeans can now use OneKey to authenticate their online banking and online securities trading transactions. This makes OneKey the first 2FA device in the world to authenticate online transactions across different industries.
Mr See How Gee, Head of Internet Banking, RHB Bank, said, “Amid the rising trend of online security breaches, the One-Time Password (OTP) generated by traditional tokens is no longer sufficient to protect consumers' online transactions. In addition to OTP, OneKey allows users to enter other details which serve as an added layer of verification and stronger defence against security breaches.”
Welcoming RHB Bank on board the national 2FA system, Mr Chai Chin Loon, Chief Operating Officer of Assurity Trusted Solutions said, “Typical 2FA transactions based on just OTP, either through hardware device or SMS, can still be exploited by man-in-the-middle attacks. Man-in-the-middle is one of the most serious threats to online banking today. The Transaction Signing security function in OneKey will help counter this threat by requiring users to key in their transaction details. This provides an additional layer of security to detect any changes to the details.”
Customers who have an RHB Now internet banking account, which was launched last year by the bank, are now able to register for their OneKey.Combining security with convenience
With the first bank on board the national 2FA system, OneKey is now a step closer to its vision of being a universal, cross-industry authentication device. Mr Chai said, “Apart from enhanced security, RHB Bank consumers also enjoy greater convenience as they can use OneKey to authenticate their transactions across multiple online platforms such as online securities trading. Future plans for OneKey include authenticating access to online health and insurance records." Currently, seven securities trading firms have joined the national 2FA system. They are: AmFraser, CIMB Securities, DMG & Partners Securities Pte Ltd, Lim & Tan Securities, Maybank Kim Eng Securities, Phillip Securities and UOB Kay Hian.OneKey Registration
To facilitate registration for OneKey, Assurity has developed a series of “how-to” videos hosted on its website (http://www.onekey.sg/your-onekey/register.html). To register for their OneKey, end users have to first log on to their service provider's website [https://logon.rhbbank.com.sg], click on the “registration” link and follow the instructions. Step-by-step instructions are also given on the OneKey website at www.onekey.sg. Assurity has a 24-hour Hotline at: 65-65663539 (OKONEKEY) to address inquiries about OneKey.Note to editors
A basic 2FA platform requires a user to receive a one-time password (OTP), either via a physical device, or through a text message to his personal electronic devices (such as handphone), to complete the transaction. These devices are vulnerable to malware that can steal personal information and sniff out unencrypted text messages. A recent spate of man-in-the-middle attacks, SpyEye1 being a high-profile example, have exposed the vulnerabilities of basic 2FA using OTP only. The introduction of OneKey will help safeguard end users' online transactions with its triple functions of OTP, Challenge Response and Transaction Signing.
MORE THAN 50 PERCENT OF SINGAPOREANS DO NOT PROTECT ONLINE ACCOUNTS ADEQUATELY, SURVEY RESULTS SHOWJoe and Black Hat comic characters to bring good cyber hygiene practices and 2FA to life at public libraries across Singapore
Thursday, 26 July 2012, Singapore.
Claims of email and social networking accounts being hacked into and personal data and photos being stolen for criminal use are becoming more frequent in Singapore and globally, but despite this, most Singaporeans are still not protecting their online accounts with cyber-safe practices such as using unique passwords and changing their passwords regularly, much less activating two-factor authentication (2FA), according to a survey of 346 Singaporeans by Assurity Trusted Solutions (Assurity) at Raffles Place from 2 to 4 April 2012. Assurity is the first operator to provide 2FA services as part of IDA’s nationwide initiatives for strong authentication.
The survey results show that social networking (82 percent of all respondents) followed by online banking (72 percent) and online shopping (71 percent) are Singaporeans' most popular online activities at home. The survey results also show that 60 percent of the respondents who file tax returns online never change their passwords; 7 percent do so quarterly as recommended. Furthermore, 59 percent of the respondents who use other government services never change their passwords. For users of online banking services, 10 percent of respondents change their passwords quarterly as recommended; 52 percent of respondents never change their passwords. For security traders who trade online, 54 percent of the respondents never change their passwords; only 9 percent change their passwords quarterly. 45 percent of all respondents do not have different passwords for all their online accounts.
Mr Chai Chin Loon, Chief Operating Officer of Assurity said, “Good cyber hygiene practices are generally lacking across the board. Starting with first-factor authentication (1FA), passwords should be changed quarterly. Always use complex passwords comprising at least one upper-case letter, one lower-case letter, a special character and a number. Finally, avoid using the same password for all your online accounts. Use a unique password for each account.”
The survey results also show that 74 percent of the respondents acknowledge 2FA as a key element of an ideal security protocol.
“Clearly, the failure to activate 2FA is not due to a lack of awareness. End users should also activate 2FA whenever possible to strengthen their online security,” said Chin Loon.Most concerned about financial loss
When asked what they were most concerned about when performing an online transaction, most of the respondents indicated someone hacking into their financial information (68 percent) followed by identity theft (45 percent) and their private information being made public (44 percent). “Given their primary fear of financial loss, the banks' current or imminent introduction of 2FA with transaction signing should go down well with consumers who do not mind the slight inconvenience in exchange for enhanced security,” said Chin Loon. The survey also showed a statistically significant correlation between currently “using 2FA for online banking” and “regarding 2FA as an ideal security protocol for online banking” - a correlation that was not seen in other categories.
Chin Loon said, “These insights are valuable as they suggest that consumers who conduct online banking are already more vigilant against cybercrime than other categories of consumers. We should thus focus our education on making 2FA a way of life for sensitive online transactions, including email, social networking, accessing online health records and financial information, etc.”Bringing 2FA to life at public libraries
To help bridge the gap between Singaporeans' 2FA awareness and actual practice, Assurity's comic characters Joe and Black Hat will make appearances at 2FA awareness talks to be held at various public libraries in Singapore from now until November 2012. Their next appearance will be at a free 2FA awareness talk at Ang Mo Kio public library this Saturday, 28 Jul 12 from 2 to 3pm. The public can also log on to www.onekey.sg and click on “Events” for more information and registration details.
Monday, 11 June 2012, Singapore. News of personal email accounts and social networking sites being hacked into have become very common in recent years. Conventional usernames and passwords, also known as first-factor authentication, are simply not secure enough to stem the rising trend of online identity theft. End users need to start activating two-factor authentication or 2FA, according to experts from Assurity Trusted Solutions (Assurity).
To equip Singaporeans with practical skills to protect their online accounts and transactions, Assurity will launch its inaugural 2FA awareness talk at Pasir Ris Public Library, National Library Board on Saturday, 14 July 12. A detailed schedule of subsequent talks held by Assurity's “white hats” or team of 2FA experts can be found in Appendix.
Mr Chai Chin Loon, Chief Operating Officer of Assurity said, “Although the concept of 2FA is not new, we have discovered from our ongoing exhibitions at various libraries in Singapore that the awareness of 2FA and good cyber hygiene practices among the public can be improved. The talk will help us reach out to the heartlanders and lay the foundation for greater awareness of and adoption of 2FA. 2FA will play an increasingly important role in our lives amid the rising global trend of online fraud and identity theft.”
The popular characters Joe and Black Hat will be present before each talk to distribute a quick quiz to test participants' 2FA awareness and to urge vigilance against cyber crime.
For more information about the talks, the public can log on to www.onekey.sg and click on “Events” or visit www.facebook.com/okonekey for regular updates.
Surf on http://golibrary.nlb.gov.sg/ or pick up the free monthly issue of Go Library at all 24 Public libraries for regular updates.
Wednesday, 2 May 2012, Singapore. Two-factor authentication or 2FA will soon become a fact of life for every Singaporean when banks, securities trading firms and other e-service providers adopt the OneKey 2FA device to protect their end users' online transactions. To help Singaporeans understand 2FA better, Assurity Trusted Solutions (Assurity) will launch an interactive exhibition at Central Public Library, National Library Board on 4 May 12. The exhibition features a cabinet with four informational plasma screens, one of which features a challenging cyber maze game. The exhibition will be held for two weeks, after which it will tour various libraries throughout Singapore. A detailed schedule can be found in Appendix.
Mr Chai Chin Loon, Chief Operating Officer of Assurity said, “Although the concept of 2FA is not new, we discovered from our recent roadshow at Raffles Place that the awareness of 2FA and good cyber hygiene practices among the public can be improved. The exhibition will help us reach out to the heartlanders and lay the foundation for greater awareness of and adoption of 2FA. 2FA will play an increasingly important role in our lives amid the rising global trend of online fraud and identity theft.”
An hour-long talk will also be held at each public venue to drive home the exhibition's messages. The popular characters Joe and Black Hat, who first appeared at the Raffles Place roadshow, will be present before each talk to urge the public to view the exhibition, fill out a quick quiz to test their 2FA awareness and also attend the talk.
Surf on http://golibrary.nlb.gov.sg/ or pick up the free monthly issue of Go Library at all 24 Public libraries for regular updates.
Singapore 2 April 2012 – Another Five new securities trading firms have come on board the national two-factor authentication (2FA) system, namely, AmFraser, CIMB Securities, DMG & Partners Securities Pte Ltd, Lim & Tan Securities and UOB Kay Hian. They will join the two current securities trading firms, Maybank Kim Eng Securities and Phillip Securities, in offering the OneKey 2FA device to protect their investors' online transactions. Each Service Provider will activate 2FA for its online services according to its own schedule.
Security for online transactions gets a boost in Singapore today with the launch of a new second factor authentication (2FA) device called “OneKey”. This device will be issued to all Singaporeans and Permanent Residents above 15 years of age. Speaking at a roadshow to raise awareness of cyber security among securities investors, Mr Chai Chin Loon, Chief Operating Officer of Assurity Trusted Solutions (Assurity) said, “With five more securities trading firms on board the national 2FA system, we estimate that a few hundred thousand users will soon enjoy the enhanced security and convenience of using just OneKey.”Rising trend of online fraud and identity theft
Mr Chai said, “Currently to trade online, most securities investors need only key in their username and password (also known as first-factor authentication or 1FA), which is required to be unique, complex and changed regularly. 2FA transactions based on OTP provide an important additional layer of protection to counter cyber attacks. This is significantly more secure.”
Ms Melinda Sam, Chief Executive Officer of the Securities Association of Singapore said the adoption of OneKey by 80 percent of Singapore's retail stockbroking firms is most timely as “more and more investors are IT savvy and trading online." She said, "Online securities trading is becoming more common. 10 years ago, less than 10 percent of investors traded online. Today, more than 50 percent do so. However, with convenience comes risk and OneKey helps to mitigate such risks. We encourage investors to adopt 2FA for the additional peace of mind in their trading."
In addition to safeguarding investors' online transactions, OneKey also gives them access to multiple online platforms for online banking and e-government services. Those who use diverse online services can look forward to the convenience of using just OneKey as other Service Providers come on board.
Mr Lim Hup Seng, Executive Chairman of Assurity, said, “OneKey is the world's first national 2FA device for users of public and private sector online services. This means users can protect their online transactions over a wide range of Service Providers using just OneKey. The convenience of carrying just one device instead of being saddled with multiple tokens will soon be a reality as more Service Providers come on board this year.”Cyber security roadshow
For more information, the public can visit the OneKey website at where they can also get the latest e-Security updates. Assurity has a 24-hour Hotline at: 65-6566 3539 (OKONEKEY) to address enquiries about OneKey.
Singapore, 16 January 2012 – Turn on your 2FA this festive season to reduce the risk of 'Lost in Spain/Algeria'-type scams” - this is the message Assurity Trusted Solutions (Assurity) wants to put across to Singaporeans ahead of the Chinese New Year holidays. “The Chinese New Year holidays are a popular period for Singaporeans to vacation overseas. If they do not activate 2FA for their email accounts and social networking sites, they may become vulnerable to attacks by hackers who may exploit their accounts to send out 'Lost in Spain/Algeria'-type emails to their unsuspecting friends and relatives,” said Mr Chai Chin Loon, Chief Operating Officer of Assurity, a wholly owned subsidiary of the Infocomm Development Authority of Singapore (IDA). Assurity is also the first operator of the national two-factor authentication system. Currently, Gmail and Facebook offer 2FA in Singapore. Mr Chai says it takes fewer than five minutes to activate 2FA.
You can quickly turn on your 2FA on gmail by referring to: http://support.google.com/accounts/bin/static.py?hl=en&topic=1056284&guide=1056283&page=guide.cs
And similarly you can turn on your 2FA for facebook by referring to :http://www.facebook.com/note.php?note_id=10150172618258920
Singapore, 12 December 2011 – Service providers such as banks and securities trading firms can now offer their end users the security and convenience of using just one two-factor authentication (2FA) device (OneKey). This was announced today by Assurity Trusted Solutions (Assurity), a wholly-owned subsidiary of Infocomm Development Authority of Singapore (IDA), at the public launch of OneKey.
Speaking at the event, Mr Chai Chin Loon, Chief Operating Officer of Assurity said, “Today marks a milestone for national e-security as the national two-factor authentication system goes live. With OneKey, end users would be able to make more secure online transactions and access multiple services using just one security device.”
Rising trend of online fraud and identity theft. Amid the rising trend of online fraud and identity theft, banks and securities trading firms have been required to put in place a 2FA platform for customers to make electronic transactions. The 2FA platform is an important second line of defence against unauthorised transactions.
A basic 2FA platform requires a user to receive a one-time password (OTP), either via a physical device, or through a text message to his personal electronic devices (such as handphone), to complete the transaction. These devices are vulnerable to malware that can steal personal information and sniff out unencrypted text messages. A recent spate of man-in-the-middle attacks, SpyEye being a high-profile example, have exposed the vulnerabilities of basic 2FA using OTP only. The introduction of OneKey will help safeguard end users' online transactions with its triple functions of OTP, Challenge Response and Transaction Signing.
Mr Chai said, “Typical 2FA transactions based on just OTP, either through hardware device or SMS, can still be exploited by man-in-the-middle attacks. Transaction Signing will require users to key in their transaction details, which provide an additional layer of security to detect any changes to the details. One can think of Transaction Signing in OneKey as the equivalent of signing an online cheque.”
OneKey is developed by ST Electronics. The device is manufactured by VASCO Data Security International Inc, a US-based leader in strong authentication and e-signature solutions.
Mr Lim Hup Seng, Executive Chairman of Assurity said, “We are in the era of the Internet and e-transactions will be a way of life. We envisage that in time to come, the majority of the people will transact online. The national two-factor authentication system is now live. Service Providers can now protect their end users' online transactions. OneKey offers security with convenience.”
The pioneer Service Providers to rise to the challenge are Phillip Securities Pte Ltd, Kim Eng Securities Pte Ltd and ST Electronics. Phillip Securities and Kim Eng Securities have started integration testing and will pilot OneKey among their end users soon. Employees of ST Electronics and Engineering have started using OneKey.
Accessing multiple online platforms with just OneKey
OneKey also gives users access to multiple online platforms. They may do online banking and online securities trading with just a single device. Users can look forward to the convenience of using just OneKey as more Service Providers come on board.
Ms Rachel Lee, Managing Director of SC Auto Industries says, “I am really excited about this new national initiative to consolidate all 2FA tokens into a single device. I now hold nine tokens for both my personal and corporate banking. It is such a nightmare especially when I am overseas and have to make payment approvals and fund transfers! Now I can have the option of carrying just OneKey.”
E-security awareness programme
From January 2012, Assurity will roll out a year-long public education programme to guide consumers on how to use OneKey. There will be talks and exhibitions to engage the public. These public exhibitions will take the fun-and-games approach. The first public education outreach was held today at lunchtime at Mapletree Business City.
For more information, visit the OneKey website: www.onekey.sg or call the 24-hour Hotline at: 65-65663539 (OKONEKEY).
The National Authentication Framework was recognised by KPMG's prestigious Infrastructure 100 in a report released at the recent World Cities Summit.- July 2012
Increased global connectivity means that data security is quickly becoming a critical issue. The National Authentication Framework in Singapore is a key program under the iN2015 Masterplan to deploy a trusted and cost-effective nationwide platform for strong authentication by public-facing online services that handle sensitive information and/ or facilitate transactions. The new system will boost the security of the country’s communication infrastructure by providing a more rigorous process of identification; thus safeguarding against unauthorized access to sensitive information such as bank account details, securities trading account details or electronic health records.
Source: Infrastructure 100 Report
12 December 2011 @ MapleTree Business City
OneKey, the world's first national two-factor authentication device for users of private and public sector online services, was launched on 12 December 2011 at Mapletree Business City. Service Providers from the financial industry (banks and securities trading firms) and government agencies were present to witness a sweltering performance by Zingo Drums as a prelude to the launch. The lunchtime crowd was also entertained by the rousing music of popular acoustic duo Jack & Rai who creatively interspersed their music with the OneKey keywords of enhanced eSecurity and convenience. Mr Lim Hup Seng, Executive Chairman of Assurity Trusted Solutions, was on hand to present tokens of appreciation to the pioneer Service Providers Phillip Securities Pte Ltd and Kim Eng Securities Pte Ltd, and also to the Guest-of-Honour Mr Ronnie Tay, Chief Executive of IDA. With the launch of OneKey, eligible Singaporeans, Permanent Residents and FIN Pass holders can look forward to the convenience of accessing multiple online platforms with just one 2FA security device.