IDA’s subsidiary Assurity has announced the launching of the 2FA token which IDA has worked on over the last few years and millions of dollar have been spent to do the feasibility study to come up with a national standard for safer internet commerce transactions. A good initiative indeed but what is fishy is why the lack of any bank signing up to back this service? Could this be the higher cost compared to the bank’s own deployment cost? Economics must be the real reason for the lackluster’s response? And the timing: DBS has announced less than two weeks ago with a device that looks like the Onekey device. Coincidence? I like to speculate that there are some politics going on behind. One less device to carry around? I bet you I have to add one more device instead.
Actually, a simpler solution I found useful is an email or sms every time you logon to your internet banking suffices as is currently practised in Thailand. I found it ironical that internet banking is a real concern to the authority that they mandate 2FA when there is a daily withdraw limit that you can do bank transfer in place but things that involve a lot more riskier transactions such as credit card online purchases and online stock purchases do not require 2FA. A hacker could have easily bankrupt someone by doing a rogue trade than withdraw a few thousands via internet banking. Sometimes simpler solution is more elegant, kind of remind me on the story of how the Russians solved writing in space using a pencil while NASA spent millions of dollar to develop a state-of-the-art pen to do exactly the same thing. Sometimes we do it the high tech way just because we can afford to!
New OneKey device to cut clutter of password tokens
Source: The Straits Times 12 Dec 2011
In the next few months, hundreds of thousands of Singaporeans will be given an advanced password token for securing their online transactions with two stock broking houses here. They are Phillip Securities and Kim Eng Securities.
The token, called OneKey, is from Assurity, a subsidiary of the Infocomm Development Authority (IDA).
OneKey comes with a keypad and is the size of a namecard. It generates a random password for added security in a process known as two-factor authentication (2FA).
The Government’s 2FA system, which was commercially launched on Monday, is meant to supplant the clutter of tokens issued separately by service providers like banks and stock broking firms here. But so far, no banks or government agencies have signed up to use OneKey, although Assurity executives said that ‘it will only be a matter of time’.
Other White Elephant cases: