
Hong Kong’s regulator has ordered crypto platforms and online brokers to meet newly issued phishing-resistant login requirements within the next 12 months.
The Hong Kong Securities and Futures Commission (SFC) on Thursday issued new requirements for phishing-resistant authentication methods for virtual asset trading platforms (VATPs) and online brokers in the special administrative region.
The new standards require stronger phishing-resistant authentication methods and device binding while prohibiting the use of one-time passwords through SMS, email or app-based logins. Platforms must implement the changes within the next 12 months.
The requirements outlined stronger alternatives such as passkeys, registered devices with cryptographic verification and hardware security keys, which the SFC described as phishing-resistant solutions.




Comments (No)