SINGAPORE – Most people here, nearly eight in 10, used two-factor authentication (2FA) last year to secure their online banking accounts.
But for other online accounts – such as for messaging like WhatsApp and Telegram, shopping, personal e-mail and social media – a government poll showed that just half of them did so.
This comes after earlier warnings by the authorities that criminals have been able to hack some online accounts, notably WhatsApp, that are not protected by 2FA.
Still, findings from the Cyber Security Agency of Singapore’s (CSA) cyber-security awareness survey, released on Monday (June 28), showed some improvement for e-mail and social media safeguards.
For personal e-mail accounts, 51 per cent of those polled said they used 2FA last year, up from 44 per cent in 2019.
For social media, 47 per cent did so last year, better than 2019’s 42 per cent.
The online survey of about 1,000 Singaporeans and permanent residents was done in December last year.
Cyber-security experts and the Government have long advised consumers and organisations to activate 2FA to make it harder for crooks to hack into accounts, if passwords get stolen or guessed.
Earlier this month, the police warned that scammers were using a voicemail method to hack people’s WhatsApp accounts and used these accounts to scam their friends. One way users could protect themselves was to enable 2FA.
CSA released a video on Facebook and Instagram shortly after to warn about crooks using hacked WhatsApp accounts, citing an incident in which local comedian Hossan Leong fell for one such ruse and hackers took over his account.
He had to contact WhatsApp to deactivate his account.
Mr David Ng, cyber-security firm Trend Micro’s country manager for Singapore, said people must work on the assumption that “all their accounts will be breached some day and all their personal data is at risk of getting exposed”.
With such a mindset, they will take a more proactive approach.
He added that consumers could consider classifying their data in online accounts in three categories – public, internal and confidential – to help them figure out when using 2FA is necessary.
Internal data should at least be protected with complex passwords.
But all confidential data should be secured with multi-factor authentication, like 2FA, said Mr Ng.
CSA’s study also showed that while some cyber practices and threat awareness have improved, there are still issues.
One finding was that even though people are worried about cyber attacks, far fewer think they would be hit.
But on a brighter note, more people are using a more complex password comprising a mix of letters in upper and lower case, numbers or symbols, with 88 per cent doing so last year compared with 83 per cent in the previous year.
However, when it came to identifying the strongest password among a few – Benhas3catsAThome! – the number of people who got it right remained at 56 per cent last year and in 2019.
Though weak passwords can be easily breached, Mr Ng has good news, saying: “At some point, passwords will be obsolete, especially as vendors continue to invest in next-generation technology to secure their customers.”
He noted that there are now various ways to secure log-ins – such as using multi-factor authentication, biometrics, a person’s location and Internet Protocol address – to compensate for password weaknesses.
CSA found that 78 per cent of people here understood the risks of not having cyber-security apps installed on their mobile devices, such as anti-virus software and Web-filtering apps.
But just 39 per cent said they installed such apps last year, down from 47 per cent the year before.
Mr Ng said people tend to install anti-virus software on computers instead, despite knowing they have more confidential data in their handsets.
“But the threats are the same regardless of the platform,” said Mr Ng, adding that people must assume their mobile devices could be hacked one day.
Even so, awareness could lead to a false sense of security at times, so he urged people not to let their guard down, especially since attacks that use psychological tricks, like posing as the victim’s friend, are harder to ward off.
“Cyber criminals are constantly changing their tactics and techniques – for instance, the line between legitimate and phishing e-mails is blurring,” he noted.