OCBC have implemented a security feature on OCBC Digital app to further safeguard their customers from malware

lalalalalala · Aug 11, 2023

crystalnox said:
I feel OCBC should give the option of signing a waiver to be able to use the ocbc app no matter what is installed on their phone, in return if the user does get scammed or hacked, it's entirely on the user. OCBC will bear no responsibilities.

They already had such a clause but end up lan lan still have to pay back those clowns who got hacked out of "goodwill"

lalalalalala · Aug 11, 2023

crystalnox said:
Bringing back the hardware token won’t help much, the root problem isn’t being resolved.

And that is the person falling for scams and fake apps/sites masquerading as the real thing. And these victims will still happily hand over their otp from the hardware tokens.

The problem they trying to solve is with dodgy apps that can control ur phone. So in this case hardware tokens help.

Because the app lives on the phone, it can trick pple to give the fingerprint. But it cannot get the token from the hardware device.

The problem with the hardware token is battery life, imagine token die u cannot make any tx need go down to bank to change & revalidate. U also have clowns that lose it

white_prince · Aug 11, 2023

SantyBalls said:
if you ever used hardware token before, it requires that users enter some combi onto the device, and then enter the generated response from the token.

it's much more secure than pressing approve and placing your thumb on your fingerprint sensor

Challenge code you mean before they issue you the OTP.

SantyBalls · Aug 11, 2023

white_prince said:
Challenge code you mean before they issue you the OTP.

If you add payee, will be last few digits of payee acct number.

If xfer money, will be amt u xferring,etc.

The app will tell you what to enter in the token and press sign. You then enter the response

twosix · Aug 11, 2023

https://www.androidpolice.com/whatsapp-developing-passkey-authentication/
The days when a strong password was adequate security for an online account are long gone. Phishing is rampant and cyber criminals are getting smarter, so much so that even newer methods like two-factor authentication can be compromised. Thankfully, widespread access to on-device biometric authentication has made cryptographic passkeys an option, and Google Password Manager supports them already. Now one of our favorite messaging apps, WhatsApp, has been spotted fleshing out support for the new authentication method, with a little help from Google Password Manager.

If you haven’t heard of them, passkeys are an authentication system that uses cryptographic keys. One half of the key is stored on the platform you’re signing in to, and you can authenticate usage of the other half with your device’s biometric features like face unlock or fingerprint. This system authenticates you faster, doesn’t fail as often, and is phishing-proof as well, because you don’t have to memorize the cryptographic key.

WhatsApp recently released version 2.23.17.5 to beta channel testers through the Google Play Store, and WABetaInfo found a screen suggesting the app may support passkeys soon. The screen advertises passkeys as a “simple way to sign in safely,” and the feature description suggests your WhatsApp passkey will be stored in Google Password Manager. To use the feature you may need to either scan your fingerprint/face, or use the screen lock method you’ve set up.

WhatsApp should use passkey authentication for account verification whenever you sign in, which isn’t often for most users. However, people frequently changing devices or using multiple accounts on the same device may appreciate the added security and convenience.

Google backs passkeys, and most of our favorite password managers already support them, so we're happy to see WhatsApp is building on its set of privacy tools with passkey support. However, the feature is till in development and could change between now and the official launch, which we aren’t sure when to expect.

aarontansp · Aug 11, 2023

Why my baidu kenna flag as low ses by OCBC app?

szeli · Aug 11, 2023

twosix said:
https://www.androidpolice.com/whatsapp-developing-passkey-authentication/
The days when a strong password was adequate security for an online account are long gone. Phishing is rampant and cyber criminals are getting smarter, so much so that even newer methods like two-factor authentication can be compromised. Thankfully, widespread access to on-device biometric authentication has made cryptographic passkeys an option, and Google Password Manager supports them already. Now one of our favorite messaging apps, WhatsApp, has been spotted fleshing out support for the new authentication method, with a little help from Google Password Manager.

If you haven’t heard of them, passkeys are an authentication system that uses cryptographic keys. One half of the key is stored on the platform you’re signing in to, and you can authenticate usage of the other half with your device’s biometric features like face unlock or fingerprint. This system authenticates you faster, doesn’t fail as often, and is phishing-proof as well, because you don’t have to memorize the cryptographic key.

WhatsApp recently released version 2.23.17.5 to beta channel testers through the Google Play Store, and WABetaInfo found a screen suggesting the app may support passkeys soon. The screen advertises passkeys as a “simple way to sign in safely,” and the feature description suggests your WhatsApp passkey will be stored in Google Password Manager. To use the feature you may need to either scan your fingerprint/face, or use the screen lock method you’ve set up.

WhatsApp should use passkey authentication for account verification whenever you sign in, which isn’t often for most users. However, people frequently changing devices or using multiple accounts on the same device may appreciate the added security and convenience.

Google backs passkeys, and most of our favorite password managers already support them, so we're happy to see WhatsApp is building on its set of privacy tools with passkey support. However, the feature is till in development and could change between now and the official launch, which we aren’t sure when to expect.

imma start moving to passkeys

hwsstx · Aug 11, 2023

twosix said:
https://www.androidpolice.com/whatsapp-developing-passkey-authentication/
The days when a strong password was adequate security for an online account are long gone. Phishing is rampant and cyber criminals are getting smarter, so much so that even newer methods like two-factor authentication can be compromised. Thankfully, widespread access to on-device biometric authentication has made cryptographic passkeys an option, and Google Password Manager supports them already. Now one of our favorite messaging apps, WhatsApp, has been spotted fleshing out support for the new authentication method, with a little help from Google Password Manager.

If you haven’t heard of them, passkeys are an authentication system that uses cryptographic keys. One half of the key is stored on the platform you’re signing in to, and you can authenticate usage of the other half with your device’s biometric features like face unlock or fingerprint. This system authenticates you faster, doesn’t fail as often, and is phishing-proof as well, because you don’t have to memorize the cryptographic key.

WhatsApp recently released version 2.23.17.5 to beta channel testers through the Google Play Store, and WABetaInfo found a screen suggesting the app may support passkeys soon. The screen advertises passkeys as a “simple way to sign in safely,” and the feature description suggests your WhatsApp passkey will be stored in Google Password Manager. To use the feature you may need to either scan your fingerprint/face, or use the screen lock method you’ve set up.

WhatsApp should use passkey authentication for account verification whenever you sign in, which isn’t often for most users. However, people frequently changing devices or using multiple accounts on the same device may appreciate the added security and convenience.

Google backs passkeys, and most of our favorite password managers already support them, so we're happy to see WhatsApp is building on its set of privacy tools with passkey support. However, the feature is till in development and could change between now and the official launch, which we aren’t sure when to expect.

By logging into my phone apps eg Bank's apps with Finger ID, is this considered Passkey?

CHINAUSA · Aug 11, 2023

sadly, citizens are treated as if we r children... dunno how to differentiate apps. a nanny state

Must be tooo many scammers nowadays

Imagine if this system spread to all other banks, you can forget about whatever smart nation they talking about liao.. talk cock!

twosix · Aug 11, 2023

hwsstx said:
By logging into my phone apps eg Bank's apps with Finger ID, is this considered Passkey?

No. Because it is still password based. Passkey needs a private and public keys to work.

twosix · Aug 11, 2023

szeli said:
imma start moving to passkeys

Start with Google accounts. I've already started moving.

wongminmin · Aug 11, 2023

smart nation is to block everything!!!!

wongminmin · Aug 11, 2023

ocbc 4.5 -> 4.1 :s12:

which bank to choose?

guile · Aug 11, 2023

Why can't they make use of existing Credit/Debit card NFC function as the 2FA Token. Each card holds one portion of the encryption which can only be decrypted by the app. Just tap your card to your phone to proceed with any changes/transaction on top of fingerprint/face sensor.

szeli · Aug 12, 2023

wongminmin said:
smart nation is to block everything!!!!

this is your phone? all non-playstore apps?

NightGhost · Aug 12, 2023

We need to purchase just phone for all this crap things. Jin sad n how many device we need to carry
Why no one impose dead penalty for this kind of criminal.

Jackrhino · Aug 12, 2023

twosix said:
https://www.androidpolice.com/whatsapp-developing-passkey-authentication/
The days when a strong password was adequate security for an online account are long gone. Phishing is rampant and cyber criminals are getting smarter, so much so that even newer methods like two-factor authentication can be compromised. Thankfully, widespread access to on-device biometric authentication has made cryptographic passkeys an option, and Google Password Manager supports them already. Now one of our favorite messaging apps, WhatsApp, has been spotted fleshing out support for the new authentication method, with a little help from Google Password Manager.

If you haven’t heard of them, passkeys are an authentication system that uses cryptographic keys. One half of the key is stored on the platform you’re signing in to, and you can authenticate usage of the other half with your device’s biometric features like face unlock or fingerprint. This system authenticates you faster, doesn’t fail as often, and is phishing-proof as well, because you don’t have to memorize the cryptographic key.

WhatsApp recently released version 2.23.17.5 to beta channel testers through the Google Play Store, and WABetaInfo found a screen suggesting the app may support passkeys soon. The screen advertises passkeys as a “simple way to sign in safely,” and the feature description suggests your WhatsApp passkey will be stored in Google Password Manager. To use the feature you may need to either scan your fingerprint/face, or use the screen lock method you’ve set up.

WhatsApp should use passkey authentication for account verification whenever you sign in, which isn’t often for most users. However, people frequently changing devices or using multiple accounts on the same device may appreciate the added security and convenience.

Google backs passkeys, and most of our favorite password managers already support them, so we're happy to see WhatsApp is building on its set of privacy tools with passkey support. However, the feature is till in development and could change between now and the official launch, which we aren’t sure when to expect.

Wait till that cryptographic key somehow get compromise, even worse. And means if u are drunk, people going to be able to just use your fingerprint to do all sorts of stuff on your phone cause no more password, just need your fingerprint

Ronin881 · Aug 12, 2023

Jackrhino said:
Wait till that cryptographic key somehow get compromise, even worse. And means if u are drunk, people going to be able to just use your fingerprint to do all sorts of stuff on your phone cause no more password, just need your fingerprint

No need to be drunk.
You can also be asleep.
Or tied up.
Or they chop off your finger tips.

PrincZe · Aug 12, 2023

twosix said:
Start with Google accounts. I've already started moving.

never try passkey.been using password based. any harm or problem? lost private key etc

Read HWZ Forum Rules!

wira · Sep 7, 2023

for all the complaints and noises lots of ocbc customers made, you cannot dispute the fact that blocking side loaded apps is the most effective.

https://www.straitstimes.com/tech/a...alware-attacks-after-ocbc-app-security-update

OCBC have implemented a security feature on OCBC Digital app to further safeguard their customers from malware

Great Supremacy Member

Great Supremacy Member

Arch-Supremacy Member

Banned

High Supremacy Member

Arch-Supremacy Member

Arch-Supremacy Member

Master Member

Master Member

High Supremacy Member

High Supremacy Member

High Supremacy Member

High Supremacy Member

High Supremacy Member

Arch-Supremacy Member

Arch-Supremacy Member

Senior Member

Supremacy Member

Master Member

Supremacy Member