08 Feb 2020
Introduce a common 2FA system for govt agencies and financial institutions

We need to introduce a common 2FA system for govt agencies and financial institutions. 

I share my experience with Facebook and Google and suggest how it can be done.

Facebook asked me to implement a 2FA authentication for my page. They did it very well.

Here is my experience:

a) They target my page because it is a high-profile page. Fair enough.
b) The 2FA authentication is required only if I use a device that is not my regular device. (Wow - that makes a lot of sense).
c) They allowed me to use a third-party authenticator and suggested two of them. I chose Google Authenticator. I had to scan their QR code to link the servers. It was easy.
d) The Google Authenticator generates a 6-digit code, which I entered into Facebook (it is easy).

I hope that our govt agencies, such as GovTech, learn from the real experts, such as Facebook and Google, on how to handle 2FA. They have common sense.

The 2FA process adopted in Singapore should be simplified. It should apply to all govt agencies and financial institutions. It should use a common third party service, to avoid proliferation of authentication apps.

If SingPass is to be the primary mode, it should be allowed for financial institutions as well. For people who do not have a device that recognizes a fingerprint, it should generate a 6-digit PIN (like what Google Authenticator had done).

Tan Kin Lian

