Pages

Tuesday, January 20, 2015

HOW ONEKEY WORKS -No password, no problem for NTUC members

No password, no problem for NTUC members 

030414_assurity_onekey.jpg

No password, no problem for NTUC members



SINGAPORE - Members of the National Trades Union Congress (NTUC) may no longer need to remember their passwords when they log in at its website to book a chalet or apply for a course.

The national umbrella body for trade unions has offered its 600,000 Singaporean and permanent resident members a new way to access its website, using just a security token, with no password needed.
It is believed to be the first organisation here to do away with the use of passwords.
Typically, a security token generates a one-time password (OTP), but users still have to key in user names and passwords in a process called two-factor authentication, which has been mandatory for banks since 2006, to counter cyberthreats.
But NTUC is offering members a token called OneKey, which looks like a credit card and provides a randomly generated one-time password.
In NTUC's case, only the OTP and username - usually the identity card number - need to be entered.
What is not required is a password, which NTUC said members often forget and ask to reset.
"Using OneKey as the password mechanism, we have removed the hassle of having to create and remember passwords," said Dr Kwong Yuk Wah, chief information officer at NTUC.
Members interviewed are happy with the new feature.
Business development manager Edna Low, 40, said she tends to forget passwords, which is why she uses the same one across a few online accounts.
"I know it's not safe, but now the problem is solved. I hope more organisations will get rid of static passwords by using security tokens," said Ms Low, an NTUC member for at least 14 years.
According to a 2012 poll of 346 people by Assurity Trusted Solutions, a subsidiary of the Infocomm Development Authority, three in five Singaporeans who access government services online have never changed their passwords. And half use the same one for all other online activities - from banking to shopping. But this creates "a single point of failure" which hackers can easily exploit, said chief operating officer Chai Chin Loon of Assurity, which is behind the OneKey hardware.
"NTUC's innovative use of OneKey shows that user convenience can go hand in hand with online security," he added.
Insurer NTUC Income's two million policyholders have been given the option to use OneKey since early last year.
This article was published on April 3 in The Straits Times.

Get a copy of The Straits Times or go to straitstimes.com for more stories.
- See more at: http://news.asiaone.com/news/singapore/no-password-no-problem-ntuc-members#sthash.ngznewAL.dpuf
.............

E-SECURITY TIPS

We often get carried away with what the cyber universe has to offer – copious amount of fascinating, intriguing and often fun images, videos, news and stories. In our excitement, we happily click on any links with the keen anticipation of what we might find!
However, with each click lies the potential of an unknown or often times, invisible intruder ready to embed a virus to steal your identity.

CYBER RISKS

Who:
Cyber intruders intend to cause harm in cyberspace, such as a hacker stealing personal information. They, then, become you and gain access to every aspect of your life – at work, at home or at school.

What:
You are what they are after. Impersonating you will allow them access to many aspects of your life – e.g. your bank accounts which they can financially benefit from, the contacts of your family and friends whom they can exploit thereafter, etc.

Where:
The Internet is created by and accessible through computer networks that share information and facilitate communication. Unlike the physical world, cyberspace has no boundaries across air, land, sea, and space.

Why:
There is a range of motives, including seeking confidential information, money, credit, prestige, or revenge. Some just do it for fun. The majority of cyber criminals are indiscriminate.

Information Technology may have created greater convenience in our daily lives, whether at work, at home or at school, but our growing dependence on IT demands greater security online. We are our own first line of defence in guarding against any online risks.

The Password Guide

Most people would admit to having a universal password for the ease and convenience of remembering, not really knowing the danger this may pose. The basis of hacking is to steal one’s identity, which means, knowing your username and your password to gain access to your online accounts.

Mistakes Commonly Made When Creating Passwords

  1. Using personal information about yourself or family members. This includes the generic information that can be obtained about you easily via social media. This may also include your favorite food, sports and pop idols. 
  2. Passwords that are the same as your username or part of your username.
  3. Using a real word from any language that can be found in a dictionary or common colloquialism.
  4. Using sequences, i.e. consecutive alphabets, numbers or keys on the keyboard. E.g. abcde, 12345, qwerty, asdfgh
  5. Using any of the above in reverse sequence and any of the above with a number in front or at the back. 
  6. Using a word found in the dictionary with a number substitution for the word look-alike. E.g. Replacing the letter “O” with the number “0” in “passw0rd”.
  7. Using the default password as supplied by the system vendor and meant to be changed at installation time. 

Tips On Creating Strong Passwords

  1. Use a combination of uppercase and lowercase letters, plus punctuation and numbers. Using all four types of characters works the best. E.g. Instead of using “Thank You”, use “Th@n1
  2. Passwords should be at least eight characters long. The longer they are, the harder to crack. 
  3. Try to make your passwords as meaningless and random as possible. 
  4. Create a password from a phrase. E.g. “My Father was 50 years old last year” could be made into “Mfw50yoLY”. 

How You Can Manage Your Passwords

  1. Do not use a common password for all your accounts.
  2. Use a memorable password that you do not need to store in your computer or your mobile phone.
  3. If you have your passwords written down somewhere, do not link them to their respective accounts.
  4. Do not answer “yes” when prompted to save the password on any particular computer, including your own. 
  5. Remember to clear your browser history.
  6. Never communicate a password to anyone, especially via email or instant messenger. Passwords should always be kept private.
  7. Remember to change your passwords frequently. The more important the account, the more frequently the password should be changed.
  8. Never click an email link and log in to any site from an email. Always type in the URL yourself. This will help you avoid phishing attacks. 
  9. There are many online services that will help you gauge the strength of your password.
  10. Adopt 2nd Factor Authentication (2FA) practices to further secure your online activities. 
It is always tempting to use your username, birth date or some combination of personal information as your password. 
However, with the rise of social media, it takes only an average hacker to figure out these passwords. 
Passwords provide the first line of defense against unauthorized access to your computer. This responsibility can truly lie only in our own hands. 

Adopt 2nd Factor Authentication For Maximum Security

2FA, which stands for 2nd Factor Authentication, is an additional layer of protection that typically requires a device that is unique to the holder. The OneKey Pad is such a device. The password generated in this device is only privy to the device’s user.
................

This is a quick little introduction on factor authentication to an average user. It was originally something I made at work to help users understand why they would want to use Google Apps' two factor authentication. I made it with nothing but Keynote and Camtasia for Mac. This version was originally posted over at friendsintech.com

UNDERSTANDING CYBER SECURITY

Did you know that cyber bandits can steal your identity, money, personal information and much more?


Practice cyber security to keep your online transactions safe!

As online fraud and identity theft become more widespread, online Service Providers such as securities trading firms and banks have introduced more stringent cyber security measures to protect their users’ financial transactions.
OneKey is your answer to convenient, worry-free online transactions!


ABOUT NAF & 2FA

National Authentication Framework (NAF)

The National Authentication Framework (NAF) is a nationwide platform to provide trusted and cost-effective authentication for online services, so as to protect the public’s online transactions. 

What is Authentication?

Authentication is the process of validating a person’s identity for security purposes.There are three recognised factors of authenticating individuals: 









  • "Something you know", such as a password or PIN
  • "Something you have", such as hardware security token 
  • "Something you are", such as a fingerprint, a retina scan or other biometric

  • A system is said to use strong authentication when it requires at least two of the three factors before access to the system is granted. This contrasts with traditional single-factor authentication, which requires only one authentication factor (normally the knowledge of a password) in order to gain access to a system. 
    2FA stands for 2nd Factor Authentication, which is the use of something you carry as proof of identity. 2FA makes it much more difficult for an attacker to impersonate you and access your computer, accounts, or other resources. The OneKey device provides 2FA with its One-Time Password (OTP) function. 
    Click here to watch an introductory video on 2FA: 



    HOW ONEKEY WORKS

    OneKey is the world’s first national 2nd factor authentication device for all users of private and public sector online services.

    One Person One Device

    Frustrated with having to carry around many different transaction security devices? OneKey can be used to transact with multiple service providers, offering you the most complete and convenient solution!

    One Device, Three 2FA Functions

    OneKey provides you with 2FA and Transaction Signing for maximum cyber security.

    What is Transaction Signing?

    Transaction signing is the process of keying a specific portion of your transaction details (eg, account number or transaction amount) on your OneKey to authenticate an online transaction. 
    This is like signing an online cheque!
    OneKey offers three 2FA functions: One-time Password, Challenge Response and Transaction Signing. 

    Click here to learn how to use your OneKey for more secure online transactions! 


    ABOUT ASSURITY

    Assurity Trusted Solutions Pte Ltd ("Assurity") is a wholly-owned subsidiary of the Info-communications Development Authority of Singapore ("IDA"). It has been set up to operate the NAF and provide 2nd Factor Authentication services.

    Click here to visit Assurity’s corporate website.

    How To Register For Your OneKey



    How To Activate Your OneKey



    How To Use Your OneKey



    How To Use The OTP Function



    How To Use The CR Function



    How To Use The Sign Function


    OneKey Roadshow at Chevron House, 2-4 April 2012



    Wouldn't Life Be Simpler With Just OneKey?



    Free Cruise to the Caribbean Islands



    Mother & Son


    Kindly allow the videos to load completely before viewing.

    Sunday, January 18, 2015

    စကာၤပူက စားသံုုးသူ၀န္ေဆာင္မႈ အသစ္ေလးေတြ!

    ၾကည့္လိုုက္စမ္းပါအံုုးဗ်.... 
    စကာၤပူမွာ   Customer Service ဆိုုတဲ့ မိမိရဲ႕စားသံုုးသူေတြကိုု ၀န္ေဆာင္မႈေပးတာ ၁၅ မိနစ္၊ ၃၀မိနစ္ႏွင့္ အၿပီးအျပတ္လုုပ္ေဆာင္ခိုုင္းယံုုမကဘဲ  ေနာက္ၿပီး ေန႔စဥ္ အစီခံစာတင္ျပတာကိုု အားမရေသးဘဲ အခုုေနာက္ပိုုင္းမွာ နည္းပညာေတြတိုုးတက္လာသလိုု လူေတြကိုုလဲ ဒီလိုု Software ေတြႏွင့္ ခ်က္ခ်င္း အစီခံစာတင္ခိုုင္းတတ္တယ္ဗ်.....
    ဘယ္ေလာက္မ်ား လူေတြကိုုဘယ္လိုုခိုုင္းရမယ္ ဘယ္လိုုေဆာင္ရြက္ေပးႏိုုင္ရမယ္ဆိုုတာဘဲ အျမဲ ၾကည့္တတ္တဲ့  ႏိုင္ငံေလးပါဘဲ...     
    အလုုပ္မွာလဲ တေျဖးေျဖးတင္းက်ပ္လာပါေတာ့တယ္..ဒီလိုုေတြေၾကာင့္ ဒီလိုု ဒဏ္ေတြမခံႏိုု္င္လိုု႔ ျပန္ေျပး တဲ့လူေတြလဲ မနည္းေတာ့ဘူးဗ်...လာသာမ်ားေလ၊ရာထူးႀကီးေလ ပိုုတာ၀န္ယူမႈပိုုမ်ားလာရတာပါေနာ္...



    Real-time inspection and feedback helps Changi Airport cut costs and manpower

    PUBLISHED ON DEC 16, 2013 5:48 PM 
     3 65 0 0PRINTEMAIL

    Changi Airport has made great gains in productivity and service standards, three years after it launched a feedback system allowing visitors to rate its staff and facilities, and a real-time inspection system to monitor faults in the airport.
    Since 2010, the move has slashed maintenance costs by more than $2 million, improved response time for repairs by 30 percent and reduced manpower by 69, or about five per cent, said the Changi Airport Group in a media statement.
    Through its E-inspection system, maintenance staff can report faults to contractors using smartphones installed with specialised software, and keep tabs on repair progress. The instant feedback system also allows airport users to rate counter staff, immigration officers, retailers and cleaners.
    The airport hopes to expand the system soon to include other areas, such as escalators, lifts and passenger loading bridges.
    - See more at: http://www.straitstimes.com/breaking-news/singapore/story/real-time-inspection-and-feedback-helps-changi-airport-cut-costs-and-m#sthash.oKIkFW8A.dpuf

    Saturday, January 17, 2015

    Mac OS X Server:how to reset the Open Directory administrator password.

    Mac OS X Server: How to reset the Open Directory administrator password

    Learn how to reset the Open Directory administrator password.

    Getting Started

    You can reset the Open Directory administrator password without touching user data. For example, you might need to do this if an Open Directory administrator departs without providing the password.
    You will need the slot ID for the Open Directory administrator user, so must first extract the slot ID from the directory. Then you will need to change the administrator password. You will need local administrator privileges on the server as well as access to the server via an interactive shell (such as Terminal or SSH) to do this.

    Extracting the slot ID

    Mountain Lion and later
    For resetting the Open Directory administrator password for OS X v10.8 and later, follow the instructions in this article.
    Lion Server 
    1. Open Directory Editor and authenticate with your administrator username and password. It is located in /System/Library/CoreServices/Directory Utility.
    2. Choose the Directory Editor pane.
    3. Navigate to the Open Directory Master node. You do this by selecting the node popup menu and select the "/LDAPv3/127.0.0.1" entry.
    4. Select the directory administrator account.
    5. In the list of attributes that appears, click the disclosure triangle next to AuthenticationAuthority to display all associated values.
    6. Select the value within the AuthenticationAuthority attribute which begins with ";ApplePasswordServer;"
    7. Click the "Text" pane below.
    8. The value between ";ApplePasswordServer;" and the comma is the slot ID, as shown highlighted below. Copy this value for later use. It starts with 0x.

    Mac OS X Server v10.3 through v10.6
    1. Open Workgroup Manager with your administrator username and password.
    2. Navigate to the Open Directory Master node. (Note: Your Workgroup Manager connection can be to either the master or a replica, just so long as you navigate to the Master node once connected.)
    3. In Workgroup Manager Preferences select the option to "Show 'All Records' tab and inspector."
    4. Select the directory administrator account, and click the Inspector tab.
    5. In the list of attributes that appears, click the disclosure triangle next to AuthenticationAuthority to display all associated values.
    6. Select the value within the AuthenticationAuthority attribute that begins with ";ApplePasswordServer;".
    7. Click View.
    8. The value after ";ApplePasswordServer;" until the comma is the slot ID, as shown below. Copy this value for later use.

    Extracting the slot ID using Terminal (Mac OS X Server v10.3 through 10.7.4)
    1. Log into the server using a local administrator user account, and open Terminal.
    2. Execute this command:
      sudo mkpassdb -dump
      
    3. Enter your administrator password when prompted. 
    4. A list of user short names with corresponding slot ID's will be listed. Find the , which is located to the left of the directory administrators short name. The ID starts with 0x and ends before the user's short name. For example:
      "slot 002: 0x479e48fe68b4567000000002000000002      diradmin 03/11/2008 02:12:30 PM"
      
    5. Copy this value for later use.

    Resetting the Open Directory administrator password

    Lion Server and later
    For resetting the Open Directory administrator password for OS X 10.7.5 and later, follow the instructions in this article.
    Mac OS X Server v10.3 through 10.7.4
    1. Log into the server using a local administrator user account, and open the Terminal.
    2. Enter this command:
      sudo su
      
    3. Enter your administrator password when prompted.
    4. Enter the following command:
      mkpassdb -setpassword slot-ID
      
      Replace with the value you previously obtained. You are then prompted for the new directory administrator password. If you are unable to obtain the using Workgroup Manager use the Terminal directions instead.
       
    5. Important: At this point, you have root privileges in this session. To avoid potential issues to the system, be sure to quit Terminal once you are done.