

Hong Kong’s Securities and Futures Commission has ordered licensed virtual asset trading platforms and internet brokers to move away from one-time passwords for customer login and device registration. The Block reported that the phaseout follows rising spoofing and account-takeover risks, with firms expected to adopt stronger authentication such as passkeys and device binding within a 12-month window.
The trading lesson is direct: account access is a risk-control layer. A sound stop-loss does not help if a compromised login can place trades, withdraw assets or change account settings before the user reacts. Crypto platforms and stock apps are converging on the same security problem because both now handle mobile-first, high-value accounts.
Users should review whether their platform supports passkeys, hardware security keys, trusted-device management, withdrawal confirmation, session logs and alerts for new devices. SMS codes are convenient, but SIM-swap and phishing attacks can make them weaker than app-based authenticators or cryptographic passkeys.
The operational habit is to treat security settings like position sizing: set them before the stress event. Keep backup codes offline, remove old devices, avoid approving login prompts you did not initiate, and separate trading capital from long-term holdings when possible.
Sources: The Block; Hong Kong SFC.
Risk notice: Stronger authentication reduces account-takeover risk but does not remove market, platform, custody or phishing risk. This article is educational and is not investment advice.
原创文章,作者:financial transaction,如若转载,请注明出处:https://www.fanbi.net/archives/1893