Skip Navigation Links
01 Jun 2019  (642 Views) 
[x]
Out of the box


Apply common sense in risk assessment
I use my common sense to carry out my risk assessment. I do not blindly rely on the experts, because some of them may make the wrong judgment.

For example, I consider my NRIC to be a public ID and I do not mind sharing it. I attracted a malicious actor who used the NRIC to illegally access by SingPass account, but he cannot get through. I have since change my SingPass ID to use a non-NRIC. This is to avoid having my SingPass locked by GovTech.

I do not expect any more problem with the NRIC being known.

On the other hand, I am concerned about the use of the fingerprint to access my banking app on my mobile phone. Some "experts" said that it conform with 2FA standard. I do not agree.

It is possible for my mobile phone to be stolen and for a hacker to bypass the fingerprint authentication and have full access to my bank accounts. I consider it to be risky.

The 2FA protocol require the use of at least two separate devices or pieces of data. The implementation of the banking app and SingPass Mobile does not seem to meet this standard.

My trouble with the blocking of SingPass is minor. I had more trouble when the malicious actor used by mobile number and email address to register me in many website services, including money lending websites.

It was quite a nuisance to me, but it could happen to anyone. Many people, e.g. property agents, provide their mobile phone and email address on flyers to promote their business

There is a law against the "abuse of computer act". The malicious actor takes the risk of being caught and could be sent to jail. This is no different from a person who commits shop lifting or housebreaking. He (or she) also stands the risk of being caught.

I consider the risk of releasing my mobile phone number and email address, and find the risk to be acceptable. i will continue to make them available.

I read views of experts as published in the Internet, but I have to apply my common sense to decide on how much of the expert's views are relevant and correct. I do not follow them blindly. I make the effort to  understanding what they say.

Tan Kin Lian


Vote - should we apply our common sense and not believe the expert blindly?
 


Add Comment


Add a comment

Email
Comment


QR Code