Crypto
Home›Crypto›Regulation›Hong Kong sets timeline for phishing-resistant crypto…
Hong Kong sets timeline for phishing-resistant crypto logins and loss coverage
Hong Kong’s securities regulator says crypto platforms must remove one-time passwords and implement device binding by July 8, 2027, while monitoring and response obligations take effect immediately.
Hong Kong has given crypto platforms a one-year window to upgrade authentication and risk controls, directing them to stop using one-time passwords and adopt measures such as device binding. According to CryptoSlate, the Hong Kong Securities and Futures Commission requires phishing-resistant login and device binding by July 8, 2027, with related compliance expectations for crypto platforms set on a timed basis.
The regulator’s requirements also include monitoring and response duties, which apply immediately rather than waiting until the 2027 deadline. CryptoSlate reports the move is designed to strengthen protection against account compromise and related losses across crypto services operating under Hong Kong’s regulatory perimeter.