It has been weeks since the “Comeleak” data breach but the online security nightmare continues.
Personal information about millions of Filipinos are still accessible online to whoever wish to seek it. These personal information details include people’s birthday, mother’s maiden name, fingerprints, and address. Filipinos are now vulnerable to cyberattacks such as being hacked into their like emails or bank accounts.
Related: COMELEC says sorry over leaked data
One obvious danger is if the person uses his or her birthday or other information exposed in the data leak as a password or PIN (personal identification number). This is why it is not recommended to use such obvious information in your passwords.
However, some online accounts require a security question that may unlock these accounts. Unfortunately, some of these questions may ask something that is answerable by just looking at the person’s exposed personal details.
For example, a bank’s security question can be the mother’s maiden name or city of birth. This simply means that even if you cannot guess someone’s password, as long as you can answer the security question, it increases the chance to enter that person’s account.
Once they have access, they can do anything—even transfer funds and steal your money. They can also obtain sensitive information you wrote or attached in your emails. This is why another layer of security has been in demand. More and more online portals are recognizing the need for OTP or one-time passwords or 2FA, two-factor authentication.
What is OTP or 2FA?
One Time Password or OTP is a type of Two-Factor Authentication (2FA) that provides an additional layer of security. The usual login process for an online account entails users typing in their username and password to confirm identity. With 2FA, you will be asked for another password that is accessible to only you before transmitting confidential information or processing important transactions.
How can I get it?
First, you have to know if this option is available in your account, whether it be your email or bank account. Next, you have to activate it. You will be asked what mobile number you are using. This is because once you activate it, your portal will use this number to send your OTP upon your next login or transaction.
How does it work?
The next time you login, you will be asked your usual username and password. Then you will be asked another password which will be sent to you via SMS or text. This is usually a four to six digit code–this is your OTP. You will have to type in the code/OTP in the verification prompt screen to proceed with the transaction.
According to Johdel Ocampo, Head of Rising Tide Connectivity, which serves a gateway for application-to-person messages such as 2FAs in the Philippines, OTPs are time-sensitive and relies on the mobile solution provider's capacity to deliver the messages as fast and consistent as possible.
For Jose Lui Junio, CEO of Samathea Inc., a mobile solutions provider bridging the gap between brands and consumers through the power of SMS, OTP is a good way to reinforce security measures in the form of SMS.
“It protects the consumers and builds credibility to businesses and brands,” he said.
Which industries should use OTP or 2FA?
Businesses of all sizes and industries who have mobile and web platforms should implement 2FA upon login, according to Ocampo. This is to better protect their users and partners.
“Key industries are banking and finance, e-commerce, logistics, insurance, and hospitality,” he said.
For Rico Hernandez, CEO and founder of Busybee, another mobile solutions provider, all industries with online presence should have OTP in their system.
“OTP is widely used in the banking industry but with the low cost of implementation, any business owner can implement the same security protocol to protect vital online assets and to secure system against hackers,” he said.
Is it really necessary?
Aside from installing security software and reinforcements, businesses should safeguard clients by adding security features such as OTPs and utilizing the power, convenience, and reliability of SMS.
“This added customer security contributes to the brand’s credibility and reliability with the advent of information breach over the internet,” Ocampo said.
According to Hernandez, OTPs had changed the security protocol to a whole new level.
“OTPs now made it hard for identity thieves to steal or hack into a system because without passing to this process, unauthorized entry is close to impossible unless mobile phone is compromised. If you want to secure your application or transaction, it is a must to have OTP,” he added.
Other safety tips
Aside from OTPs, you can add voice-based 2FA which adds text-to-speech capability to the standard 2FA process, enabling you to place calls and deliver user authentication PINs via voice audio, Hernandez said.
Nicai is the marketing head of Rising Tide, a technology solutions company. She is also the Manila Bureau Manager of Probe Media Foundation's Mulat Pinoy-Kabataan News Network and a regular contributor for SPOT.ph. Follow her on Twitter, @nicaideguzman, and LinkedIn, https://www.linkedin.com/in/nicaideguzman.