With many Singaporeans planning overseas trips over Christmas and the New Year, Assurity Trusted Solutions – the company which operates Singapore’s National Authentication Framework – has issued a call for everyone to take steps to ensure a cybercrime-free festive season.

One important safeguard would be to activate two-factor authentication (2FA), which provides additional defence against online fraud and identity theft when carrying out Internet transactions or accessing online accounts.

“Usernames and passwords are the first line of defence against cybercrime. Unfortunately, most people do not change their passwords regularly and do not have unique, complex passwords for their different online accounts. This makes their accounts vulnerable to hacking,” said Mr Chai Chin Loon, Chief Operating Officer of Assurity.

“2FA adds a second layer of defence against online fraud and identity theft. Passwords alone are not enough. Activate 2FA for your personal email, social networking and important financial accounts for peace of mind whether you are in Singapore or travelling overseas,” he urged.

2FA is the verification of a user and authenticates that “He is who he says he is” with a unique, randomly generated password from a device that he owns that is linked to his service provider. Assurity enables consumers to access multiple online services from various service providers requiring 2FA, using a single token called OneKey.

Users like Mr Jonathan Ong, an accountant, appreciates the convenience of using OneKey to access his online accounts with up to six service providers including NTUC, Tokio Marine, Kim Eng, Phillip Securities ,Lim & Tan and DMG Securities. “OneKey gives me added assurance with regards to my account security, as just a username and password will not be sufficient to prevent unauthorised transactions,” he said.

Mr Ong uses 2FA mainly to access brokerage services for the buying and selling of shares, and brings his security tokens when travelling overseas for work. “During overseas, access to Internet may not be secured.  OneKey gives me the additional sense of security and comfort that an unauthorised party will not be able to access my account even if they know my username and password.”

Similar concerns prompted Ms Ada Ang, a freelance copywriter, to activate her 2FA before leaving for a two-week holiday in December. “The last time I was away, I wanted to log in to my securities trading account to sell, but I was not sure that my login details would be safe,” she said. “And when I accessed my Gmail account overseas using the hotel’s computer, I could not be 100 per cent sure that when I logged out, my account details were not still sitting in the system.”

In fact, one of Assurity’s cyber security tips is for users to activate 2FA for personal email such as Gmail and Hotmail, as well as social networking and important financial accounts. For personal email and social networking accounts, this may entail registering the mobile phone number with the service provider so they can send the user an SMS One-Time Password (OTP) each time he or she logs into the account. 2FA is mandatory for all online banking services, and is strongly encouraged for online securities trading and/or insurance accounts to reduce the risk of online fraud or identity theft.

Internet users should also activate SMS alerts for online banking and credit card transactions. This gives them an SMS alert each time an online transaction is performed, allowing them to keep track of transactions and alert the relevant authorities if they detect anything suspicious.