singapore

No password, no problem for NTUC members

No password, no problem for NTUC members
PUBLISHED ONApril 04, 2014 10:35 PMByIrene Tham

SINGAPORE - Members of the National Trades Union Congress (NTUC) may no longer need to remember their passwords when they log in at its website to book a chalet or apply for a course.

The national umbrella body for trade unions has offered its 600,000 Singaporean and permanent resident members a new way to access its website, using just a security token, with no password needed.

It is believed to be the first organisation here to do away with the use of passwords.

Typically, a security token generates a one-time password (OTP), but users still have to key in user names and passwords in a process called two-factor authentication, which has been mandatory for banks since 2006, to counter cyberthreats.

But NTUC is offering members a token called OneKey, which looks like a credit card and provides a randomly generated one-time password.

In NTUC's case, only the OTP and username - usually the identity card number - need to be entered.

What is not required is a password, which NTUC said members often forget and ask to reset.

"Using OneKey as the password mechanism, we have removed the hassle of having to create and remember passwords," said Dr Kwong Yuk Wah, chief information officer at NTUC.

Members interviewed are happy with the new feature.

Business development manager Edna Low, 40, said she tends to forget passwords, which is why she uses the same one across a few online accounts.

"I know it's not safe, but now the problem is solved. I hope more organisations will get rid of static passwords by using security tokens," said Ms Low, an NTUC member for at least 14 years.

According to a 2012 poll of 346 people by Assurity Trusted Solutions, a subsidiary of the Infocomm Development Authority, three in five Singaporeans who access government services online have never changed their passwords. And half use the same one for all other online activities - from banking to shopping. But this creates "a single point of failure" which hackers can easily exploit, said chief operating officer Chai Chin Loon of Assurity, which is behind the OneKey hardware.

"NTUC's innovative use of OneKey shows that user convenience can go hand in hand with online security," he added.

Insurer NTUC Income's two million policyholders have been given the option to use OneKey since early last year.

itham@sph.com.sg

This article was published on April 3 in The Straits Times.

Get a copy of The Straits Times or go to straitstimes.com for more stories.

This website is best viewed using the latest versions of web browsers.