Hong Kong SFC Bans One-Time Passwords for Crypto Platforms, Mandates Stronger Authentication on July 09

Hong Kong's Securities and Futures Commission issued a circular on July 09 requiring virtual asset trading platforms and brokerages to replace one-time password (OTP) authentication with stronger security methods. Phishing and spoofing attacks accounted for 57% of all security incidents reported to Hong Kong's Cybersecurity Incident Response Centre in 2025, prompting the regulator to mandate phase-out of OTPs for customer login and device binding.

Platforms must adopt alternatives such as passkeys and bound-device authentication. All covered entities have 12 months to comply, though large internet brokerages must implement changes immediately. Senior management at these firms bears ultimate responsibility for account protection controls.

Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.
Comment
0/400
No comments