JAKARTA - Cases of hacking and theft of users' personal data have recurred; most recently, fintech startups Cermati.com and Lazada's RedMart have reportedly been compromised. So what must be done to secure important assets on digital platforms?

"Users must ensure that services (e-commerce) use Two Factor Authentication (TFA) or One Time Password (OTP) and do not use the same password for various accounts or services," said Alfons Tanujaya, a cybersecurity observer from Vaksin.com, when contacted by VOI on Monday, November 2.

Alfons explained that OTP is still recognized as one of the most effective additional security methods for a service. Meanwhile, the password, in the form of a combination of letters and numbers (PIN), serves as a private key to access the account.

Using a PIN and an OTP together on one application platform provides tighter security, because this kind of security system gives users an extra layer that makes the account difficult to exploit.

"So if there is an application that uses a PIN to secure OTP, it is like using a Willys Jeep in war to protect a tank," he added.

Despite this extra protection, Alfons also reminds every user not to use the same PIN code or password to protect many different accounts, because using the same PIN code repeatedly allows security holes to be exploited.

"Unfortunately, if one of the accounts used is leaked, as experienced by LinkedIn and Yahoo, which experienced leakage of user databases and spread in cyberspace," he continued.

Thus the credential leak and the resulting losses can be huge for the account owner. Because integrated accounts use the same email address, the leaked information can be exploited.

Alfons suggested that people who have digital accounts on either e-commerce or fintech-based services routinely change their passwords and PIN codes. This step helps minimize the risk of a hack of an account that stores the user's digital assets.

"To minimize the risk by saving funds or a limited balance in this service, you can use the Two-Step-Verification service to secure credential accounts," said Alfons.

Other Things You Can Do

Generally, account hacks have one weak point: the perpetrator must gain access to the OTP code via messages the victim receives. Fraudsters therefore often pretend to be the authorities, using various tricks to get their victims to provide an access code or click on the verification link sent by SMS, so that the account changes hands.

For that reason, Alfons said, it would be better if users were given the option not to receive SMS OTPs. In this way, users can block spam SMS in the form of OTPs that hackers keep requesting.

"Here what happens is the reverse where Two-Step Verification is a PIN that secures the OTP. So technically, the user has time not to provide the code or access the link sent," said Alfons.

This matters all the more if the SMS contains a link verifying the account transfer. As far as possible, users should avoid automated messages and unknown numbers that ask for the important code contained in a message.

