#HearMeOut
Skip Navigation Links
Home
Profile
Latest
Search
Social Media
Guide
31 May 2019
(516 Views)
[x]
Monetary Auth of Singapore
Finger print authentication may not be safe
In the past, I have to give my user ID, password and provide a 2FA authentication to log into my banking account or SingPass.
The 2FA authentication is on a separate device, and not on the primary device used for login.
I was surprised to learn that it is now possible for me to login to my bank account or to SingPass just with a fingerprint and on the same device.
What happened to the 2 device authentication that was supposed to be more secure?
I checked the Internet to find out how secure is the finger print authentication.
The answer is - not secure. I think that it is less secure than a password. The only advantage is that it is more convenient
See this explanation.
http://www.psafe.com/en/blog/fingerprint-login-may-not-safe/
I have told my bank that I am deleting the mobile app from my mobile phone. I will revert to use the web to login and to authenticate with my mobile phone or hard token.
I do not want a hacker who stole my mobile phone to use my fingerprint image to login and take my money.
I know that this may not be easy, but the hacker may have the tool.
For SingPass, I will continue to use the app. If a hacker can go in to my SingPass, he will not be able to do much.
However, if the risk is big, I will also remove SingPass mobile.
I wonder what happened to your cyber security experts. How can they allow the bank and SingPass to develop a mobile app with one level authentication, using only the fingerprint?
Tan Kin Lian
Vote - do you agree that the mobile app can be quite risky, although it is convenient to use.
View PDF
Add Comment
Add a comment
Email
Comment
QR Code