Will mobile services become more user-friendly? In a recent announcement, 2 of the 3 largest banks in Singapore are taking the lead to remove physical dongles from their services starting next year. This means that the fuss of owning multiple authentication dongles is finally over.
A quick overview of the latest announcements from the major banks in Singapore (as of April 2017):
- DBS: The issuance of physical tokens will cease by the second quarter of 2018
- OCBC: Biometric authentication is under consideration
- UOB: Expanding digital tokens for its Internet banking users by the end of 2017
What are physical dongles in mobile services?
Physical dongles, commonly known as security tokens, have been around for the last decade or so. These dongles have been commonly used as part of the 2-step verification process for our online transactions. Many of us are familiar with these dongles from either our banking or government services, such as the OneKey token for Singpass.
Specifically, dongles generate unique keys to unlock software functionalities through a cryptographic protection mechanism (usually an asynchronous password or a one-time password). To put it simply:
| Terms | What We Mean |
|---|---|
| Dongles | Plastic hardware that acts like an electronic key |
| Software Functionalities | These functions include access to sensitive data and transactions such as bank statements |
| Protection Mechanism | This mechanism requires a unique code to be activated. This code can be triggered when you press a button on the dongle. You can use this code to validate your identity over the online platform and access your services. |
Why are we moving away from these dongles?
Each piece of software requires a unique dongle. As such, it is likely that you have a handful of dongles if you have multiple accounts. Besides making sure that you do not lose any of those small plastic devices, you have to carry them with you when you need to complete a transaction on the go.
Cost of dongle production
The cost of a physical dongle may be greater than that of digital authentication. The monetary, time and environmental costs of producing crates of plastic devices may be a disincentive for organisations with a huge client base. Moreover, as services gradually shift online and more players enter the field, the learning cost of digital authentication will fall for each organisation. Consumers will have to learn to use digital authentication if most of their services require the same type of verification method.
Mobile Device Digital Authentication: The Way to Go?
Many institutions are adopting mobile device authentication solutions in place of the physical tokens for the same 2-step verification process. Such solutions include a cryptographic key and a Mobile Token App that will generate a One-Time password for the user. These applications can be further protected by the user’s PIN and the access license is customised to the user’s account. This enables a user to use the same authentication method across different mobile devices as long as she has the right credentials.
Currently, many consumers are sceptical about the security of digital authentication. As experts have discovered, mobile phones are not the best mode for authentication despite the high level of convenience. However, major institutions will continue to move towards digital authentication as our transaction services become more globalised. Aiming to utilise our unique biological prints for identification, biometric authenticators may be the next best security measure for digital verification.
What Is in It for Us?
At this point of transition, we should look into ways to secure our mobile phones against hackers and impostors. Here are some tips to safeguard the information on our phones:
- Change your passwords once every few months
- Limit your downloads to trusted sources with highly rated reviews
- Update your phone’s security software
- Stick to known wireless network sources over unknown private wireless connections
- Have a remote wiping system on your phone so that you can erase your sensitive information in the event that you lose your phone