2FA双重认证风险说明
General
2FA(也称为双因素身份验证)是使用两个不同的因素来验证用户的在线身份。
新加坡金融机构目前采用的做法是要求客户通过两步验证流程——
(1) 由金融机构颁发的个人识别码 (PIN) 和
(2)一次性密码(OTP),由硬件令牌设备或软件令牌应用程序生成,或通过短消息服务(SMS)发送给客户端。
这也是 Phillip Nova 采用的相同做法。 When a Phillip Nova client who has elected to participate in 2FA wishes to access an online service by Phillip Nova, the client is required to enter the PIN and the OTP for authentication.
The key objectives of 2FA are to protect the client’s online trading account and information from unauthorised access, and enhance the overall security of online trading systems.
At Phillip Nova we take a proactive role in protecting our clients. We have risk mitigating measures in place to protect your online trading account and information from unauthorised access. Please contact Phillip Nova for more details.
In our ongoing commitment to protect your account, Two-Factor Authentication (2FA) will soon become mandatory across all Phillip Nova systems, including the Client Portal and all trading platforms.
通过 Phillip Nova 进行交易时,2FA 不是强制性的。
尽管如此,我们鼓励客户在其在线交易账户上使用 2FA。选择使用 2FA 登录的客户将需要提供 PIN 和 OTP 才能访问在线交易服务。客户应谨慎保护自己的 PIN 和 OTP,不要将其透露给其他方。
对于硬件代币的用户,如有任何代币丢失或被盗,应立即向 Phillip Nova 或 OTP 提供商报告。丢失/被盗的代币将被禁用,用户将无法访问他的在线交易账户,直到他完成注销过程并收到新的代币。令牌可能需要付费。请联系菲利普诺瓦了解更多详情。
In our ongoing commitment to protect your account, Two-Factor Authentication (2FA) will soon become mandatory across all Phillip Nova systems, including the Client Portal and all trading platforms.
一般来说,单因素密码身份验证更容易受到基于密码的攻击和恶意软件的影响,这些攻击和恶意软件可能会导致未经授权的各方入侵和劫持在线交易账户。这反过来可能导致您的个人和交易信息在未经授权的情况下被泄露,这些信息可能在在线交易账户上可用,或通过您的在线交易账户进行欺诈交易。选择不对在线交易账户使用 2FA 会增加您面临这些风险的风险。
In our ongoing commitment to protect your account, Two-Factor Authentication (2FA) will soon become mandatory across all Phillip Nova systems, including the Client Portal and all trading platforms.
您应遵守以下做法,以尽可能确保您的密码和 PIN(用于资金转账)、安全令牌、个人详细信息和其他机密数据的机密性和完整性。这些将有助于防止未经授权的交易和欺诈性使用您的帐户,并确保没有其他人能够观察或窃取您的访问凭据或其他安全信息来模拟它们或获得对您的在线帐户的未经授权的访问:
你应该:
(a) 对您的 PIN 和密码(“凭证”)采取以下预防措施;
- 凭据应至少包含 8 个字母数字组合字符;
- 凭据不应基于可猜测的信息,例如用户 ID、个人电话号码、生日或其他个人信息;
- 凭据应保密,不得泄露给任何人;
- 凭证应被记住,不得记录在任何地方;
- 应定期更改凭据或在怀疑其已被泄露或损坏时更改凭据;和
- 不应将相同的 PIN 用于不同的网站、应用程序或服务,尤其是当它们与不同的实体相关时
(b) 未选择用于存储或保留用户名和密码的浏览器选项;
(c) 通过比较 URL 和我们在其数字证书中的名称或通过观察扩展验证证书提供的指标来检查我们网站的真实性;
(d) 检查网站地址是否从“http://”更改为“https://”,并在需要进行身份验证和加密时出现一个看起来像锁或钥匙的安全图标;
(e) 经常检查您的账户信息、余额和交易,并报告任何差异;
(f) 在您的个人电脑和移动设备上安装防病毒、反间谍软件和防火墙软件;
(g) 定期使用安全补丁或更新版本更新操作系统、病毒和防火墙产品;
(h) 删除计算机中的文件和打印机共享,尤其是当它们连接到互联网时;
(i) 定期备份关键数据;
(j) 考虑使用加密技术来保护高度敏感或机密的信息; (k) 注销每个在线会话;
(l)在每次在线会话之后清除浏览器缓存; (m) 不安装软件或运行来源不明的程序;
(n) 删除垃圾邮件或连锁邮件;
(o) 不打开陌生人的电子邮件附件;
(p) 不向鲜为人知或可疑的网站披露个人、财务或信用卡信息;
(q) 不使用不可信任的计算机或设备;和
(r) 不使用公共或网吧计算机访问在线服务或进行金融交易。
In our ongoing commitment to protect your account, Two-Factor Authentication (2FA) will soon become mandatory across all Phillip Nova systems, including the Client Portal and all trading platforms.
2FA is available on both the Phillip Nova and Phillip MetaTrader 5 (MT5) platforms. For MetaTrader 5, the 2FA is an inbuilt feature of the platform, so users of MT5 will not be able to opt out of 2FA.
账户管理界面
2FA will be enabled by default on the Client Portal starting 2 August 2025. There is no setting up required.
Upon logging in, a One-Time Password (OTP) will be sent to you via your chosen verification method — either email or SMS. You’ll need to enter this OTP to complete the login process.
Please always ensure that your email address and mobile number are up to date in your account records. This will help prevent any issues when receiving your OTP.
If you did not receive your One-Time Password (OTP), please follow the steps below based on your selected delivery method:
For Email OTP:
Check your Spam, Junk, 或者 促销活动 folder.
Ensure your mailbox isn’t full and can receive new emails.
Confirm that you entered the email address registered to your trading account(s).
For SMS OTP:
Ensure your phone has stable network reception.
Check if your phone is set to block unknown or short-code numbers.
If using a dual-SIM device, verify that the correct SIM is active for receiving messages.
Try restarting your device to refresh message reception.
If the issue persists, please contact our support team for assistance:
Client Service Desk | IT Helpdesk |
(65) 6538 0500 | (65) 6597 3241 |
Mon-Fri, 9am-6pm | Mon-Sat, 5am-5am |
If you received a One-Time Password (OTP) without initiating a login or action, please contact us immediately. This may indicate an attempted unauthorised access to your account.
Client Service Desk | IT Helpdesk |
(65) 6538 0500 | (65) 6597 3241 |
Mon-Fri, 9am-6pm | Mon-Sat, 5am-5am |
You can identify a legitimate OTP message by the following:
No clickable links – Our OTP messages are for verification purposes only and do not contain any links.
Sender profile –
Email OTP: Verify <onenovaotp@phillip.com.sg>
- SMS OTP: PhillipNova 或者 VonageAPI
No replies required – Please do not reply to the message, as it is sent from an unmonitored address.
To confirm if the OTP is valid, check whether it was triggered by a recent action you performed — such as logging into the Client Portal.
If you did 不是 initiate any action, do not use the OTP 和 contact us immediately.
Client Service Desk | IT Helpdesk |
(65) 6538 0500 | (65) 6597 3241 |
Mon-Fri, 9am-6pm | Mon-Sat, 5am-5am |
In some countries, due to local telecom restrictions, OTPs sent via SMS may appear under a different sender name such as “VonageAPI” instead of “PhillipNova. This is a known issue and does not affect the validity of the OTP.
If you are not receiving the OTP or are unsure of its legitimacy:
Check your SMS spam or blocked folders
Consider switching to email OTP as an alternative
Contact our support team if the issue persists
Each OTP is valid for 5 minutes from the time of issue. For security reasons, please enter the OTP promptly after receiving it. If the OTP has expired, simply request a new one to proceed.
Phillip Nova 2.0
Click here for the Phillip Nova 2.0 2FA set up guide.
You may also refer to the video guide below:
Joint and corporate accounts may be eligible for more than one set of login credentials, subject to review and approval.
No. Exchange access is managed at the account level and cannot be customised for individual login credentials.
No. 2FA is mandatory across all Phillip Nova systems, including the Client Portal and all trading platform to ensure enhanced account security.
No. The one-time password (OTP) can only be retrieved through the Phillip Nova 2.0 mobile app.
You may do so by contacting our IT Helpdesk at (65) 6597 3241, and our team will assist you with the process.
No. Each account can only be logged in on one mobile device at a time.
CQG
No. 2FA can only be set up on 一 device at any given time.
Please email Phillip Nova Technical Support at novatech@phillip.com.sg or call (65) 6597 3241 to submit a request to unbind your current 2FA device.
Once unbinding is completed, you may log in to My CQG Portal to set up 2FA on your new device.
No. 2FA is mandatory across all Phillip Nova systems, including the Client Portal and all trading platform to ensure enhanced account security.
No. 2FA for CQG can only be set up using the TOTP authenticator app.
仍有疑问?
如有任何疑问,欢迎致电 (65) 6538 0500 或者
发送电子邮件至 nova@phillip.com.sg