Security News > 2024 > July > Singapore's banks to ditch texted one-time passwords

After around two decades of allowing one-time passwords delivered by text message to assist log ins to bank accounts in Singapore, the city-state will abandon the authentication technique.

The Monetary Authority of Singapore and The Association of Banks in Singapore announced on Tuesday that "Major retail banks in Singapore will progressively phase out the use of One-Time Passwords for bank account login by customers who are digital token users within the next three months."

Selfie-based authentication raises eyebrows among infosec experts China's Big Tech companies taught Asia to pay by scanning QR codes, but made a mess along the way Interpol's latest cybercrime intervention dismantles ransomware, banking malware servers Singapore wants datacenters, clouds, regulated like critical infrastructure.

The Register asked ABS and MAS what measures, if any, will be taken to include those who don't have or want mobile phones - a situation Singapore recognized in 2020 when it created a device to substitute for its COVID-19 tracking app.

It's therefore unclear how the plan to ditch SMS 2FA will impact groups such as neo-luddites and the elderly, especially as dedicated physical tokens have also been a phased out in Singapore.

Singapore routinely stays at the forefront of such practices.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/07/12/singapore_banks_fight_phishing/