NTUC adopts OneKey security token to tighten access to its portal

With OneKey, NTUC removes the hassle of having to create and remember a complex password without compromising on securing access to its portal. -- ST FILE PHOTO: NG SOR LUAN
With OneKey, NTUC removes the hassle of having to create and remember a complex password without compromising on securing access to its portal. -- ST FILE PHOTO: NG SOR LUAN

NTUC members can now use a security token to access the union's website to manage their accounts.

The National Trades Union Congress' (NTUC) is the latest organisation to use the security token called OneKey, and possibly the first organisation here to get rid of static passwords at log-in. The change will only benefit the 600,000 Singaporean and permanent resident NTUC members.

The government-backed device, which looks like a credit card, provides a one-time password (OTP) which is randomly generated. The OTP will be used in addition to the usual username in a process called two-factor authentication. Users do not need to remember any passwords anymore as the OTP has replaced static passwords.

The process is designed to counter the threat from increasingly sophisticated hacker scams that steal passwords and money.

Dr Kwong Yuk Wah, chief information officer at NTUC said: "Although passwords act as the first line of defence, they are subjected to hacking and can be very vulnerable."

With OneKey, NTUC removes the hassle of having to create and remember a complex password without compromising on securing access to its portal, which allows members to check their membership LinkPoints, apply for training grants, book holiday facilities and register for NTUC-organised events, she said.

Assurity Trusted Solutions, a subsidiary of the Infocomm Development Authority (IDA), provides the OneKey hardware.

Mr Chai Chin Loon, chief operating officer of Assurity, said: "User convenience can go hand in hand with online security."

Past surveys by Assurity have revealed that Singaporeans find it challenging to create and remember unique, complex passwords for different online accounts. As a result, they often use the same password for all their online accounts, and thus, creating a single point of failure which hackers can easily exploit.

NTUC Income's two million policyholders have already been given the option to use OneKey since early last year.

Register here to get free digital access to The Straits Times until Aug 9, 2015.
Comments