Just one password to access all your mobile devices?

Singtel, StarHub and M1 to launch e-identity, which will do away with multiple passwords

Wouldn't it be nice to have the one password that rules them all on your mobile devices?

The three local telcos - Singtel, StarHub and M1 - believe they have the solution in an e-identity that will allow consumers to do away with managing multiple passwords when accessing online services on their mobile devices.

The service, Mobile Connect, will be tied to a customer's mobile phone number and may be launched as early as the second half of next year.

Mobile Connect can be used to access a host of online services including the customer's telco account, and for online transactions.

The three telcos would not reveal their online partners, but said the service will target all industries including finance, e-commerce, entertainment and government services.

Administrator Diana Lee, 42, said while the idea is good, she is concerned about security. "What if I lose my phone and the SIM card? My number is known to many people," she said.

With Mobile Connect, consumers will be prompted to enter their mobile number when logging in.

A BIT RISKY

What if I lose my phone and the SIM card? My number is known to many people.

ADMINISTRATOR DIANA LEE, on Mobile Connect which can be used to access a host of online services.

If consumers log in from their mobile phones, their telcos will verify over the cellular or Wi-Fi network that the number entered matches the credentials on the SIM card. They may be prompted to enter a code, which they must remember.

When logging in via the computer or tablet, consumers may also be prompted to enter a one-time password sent to their mobile phone.

But businessman Harry Chew, 46, prefers the security offered by fingerprint and iris scanning, available in many phones today.

Such biometrics technologies are more advanced than the use of one-time passwords, which can be hijacked. Case in point: Last December, the Association of Banks in Singapore warned against an unauthorised software update for messaging app WhatsApp that was targeting mobile banking customers.

The malware took control of the smartphone and intercepted the one-time password sent to the phone to make fraudulent online transactions.

Mr Aloysius Cheang, Asia-Pacific executive vice-president of global computing security association Cloud Security Alliance, said that for Mobile Connect to work, the telcos must underwrite any losses due to fraud. "The number of online service providers accepting this method of authentication will also determine if the technology will take off," said Mr Cheang.

The three telcos would not comment on who would underwrite losses due to fraud.

But they said customers should secure their phones with a passcode or fingerprint scanning. Customers are also advised to report the loss of their phones to the telcos immediately to block any unauthorised use.

"In this way, customers will be protected in the event of fraudulent activity," they said in a joint reply.

A version of this article appeared in the print edition of The Straits Times on November 30, 2016, with the headline 'Just one password to access all your mobile devices?'. Print Edition | Subscribe