Monetary Auth of Singapore Finger print authentication may not be safe
In the past, I have to give my user ID, password and provide a 2FA authentication to log into my banking account or SingPass.

The 2FA authentication is on a separate device, and not on the primary device used for login.

I was surprised to learn that it is now possible for me to login to my bank account or to SingPass just with a fingerprint and on the same device.

What happened to the 2 device authentication that was supposed to be more secure?

I checked the Internet to find out how secure is the finger print authentication.

The answer is - not secure. I think that it is less secure than a password. The only advantage is that it is more convenient

See this explanation.
http://www.psafe.com/en/blog/fingerprint-login-may-not-safe/

I have told my bank that I am deleting the mobile app from my mobile phone. I will revert to use the web to login and to authenticate with my mobile phone or hard token.

I do not want a hacker who stole my mobile phone to use my fingerprint image to login and take my money.

I know that this may not be easy, but the hacker may have the tool.

For SingPass, I will continue to use the app. If a hacker can go in to my SingPass, he will not be able to do much.

However, if the risk is big, I will also remove SingPass mobile.

I wonder what happened to your cyber security experts. How can they allow the bank and SingPass to develop a mobile app with one level authentication, using only the fingerprint?

Tan Kin Lian 

Vote - do you agree that the mobile app can be quite risky, although it is convenient to use.

 

Add Comment

---