Lunar New Year is supposed to be a season of joy, reunion dinners, pineapple tarts, and that familiar rush of sending e-hongbaos to family and friends. Yet today, much of that experience depends on navigating a growing number of apps behind the scenes.
To send e-hongbaos, I need my banking app. To buy festive goodies or last-minute gifts, I use shopping platforms. And when I’m out visiting relatives or buying snacks at retail stores, I rely on payment apps. In a single week, I might be switching between five or six apps, all tied to money, all requiring authentication, and all demanding that I “prove” I am me.
Individually, each step makes sense. Collectively, it becomes a noticeable layer of friction.
One of the biggest frustrations is that every app seems to have its own version of identity verification. Some ask for a password. Some require a PIN. Some use fingerprint login. Others insist on sending an OTP to your SMS or email.
While each mechanism serves a security purpose, the lack of a unified approach has resulted in a patchwork of systems layered over time. The user experience is inconsistent, and worse, it creates moments of vulnerability, especially when we’re rushing, distracted, or in a festive mood.
And Lunar New Year is exactly the kind of time when we’re distracted.
We’re multitasking, dealing with relatives, handling deliveries, juggling family gatherings, and often making purchases on the go. This is the perfect storm for security mistakes.
The Worst Time? When You Switch to a New Phone
The real pain starts when you upgrade your phone.
You’d think in 2026 we’d have figured out smooth and secure device migration. But no, switching to a new phone often means re-logging into every banking and payment app, re-setting security credentials, and going through a chain of verification steps that sometimes feels like applying for a bank loan.
Some apps require SMS OTP.
Some require email OTP.
Some ask you to scan your ID.
Some force you to reset your password.
The irony is that as security processes become more complex, they also create more opportunities for manipulation. When users are overwhelmed, they become less careful.
Passwords and OTPs: The Weakest Links in the Chain
When an app asks me for my password or an OTP, I immediately feel uneasy. Not because I don’t trust the bank, but because I know how easily these methods can be exploited.
Phishing attacks today are incredibly sophisticated. Scammers don’t just send poorly written emails anymore. They can clone websites perfectly, spoof caller IDs, impersonate delivery companies, and even simulate bank hotline numbers.
And OTPs, despite being treated as “secure,” are often the very thing scammers want.
Once a scammer convinces you to reveal your OTP, the game is over. That OTP is literally a “key” you just handed over willingly, even if you didn’t realize it.
The Strengths and Limits of Passkeys
Passkeys represent a meaningful improvement. They eliminate passwords and reduce phishing risks by relying on device-based authentication and biometrics.
But here’s the uncomfortable truth: passkeys shift the security burden elsewhere.
Instead of worrying about my banking password, I now worry about the security of my Apple ID or Google account. Because once everything is tied to the operating system or browser ecosystem, my digital life becomes dependent on the security of that single master identity.
In effect, we move from managing multiple application-level security controls to relying on a smaller number of highly critical ones. That shift does not negate the value of passkeys, but it does change the risk profile in ways that deserve careful consideration.
What If Authentication Was Truly Passwordless, Unified, and Human-Verified?
Life would be significantly easier and more secure if applications relied on a unified trusted authentication method such as V-Key ID. The design focuses on reducing complexity. No passwords.
No OTPs.
No “click this link to verify.”
No “enter the code we sent to your email.”
Authentication shifts from knowledge-based checks to confirming real human presence at the device. With liveness detection, the system doesn’t just check your face, it verifies that a real person is present and interacting in real time. This reduces the risk of scams involving photos, screenshots, or even deepfake videos.
As AI-generated impersonation becomes more convincing, liveness detection is no longer optional and has become a practical requirement.
Authentication often feels more like a hurdle than a protective measure. As users navigate multiple steps, friction builds and can lead to risky shortcuts such as reusing passwords, storing credentials insecurely, or entering OTPs without much thought.
A unified authentication approach would solve two big problems:
- Reduce user confusion
- Reduce phishing opportunities
When users know there is only one trusted way to authenticate, uncertainty is removed, weakening one of the key tactics scammers rely on.
Lunar New Year Should Be About Giving, Not Worrying
At the end of the day, Lunar New Year is about generosity. It’s about sending blessings, sharing prosperity, and strengthening relationships.
But every time I log into a banking app, enter an OTP, or reset credentials on a new phone, I’m reminded that the digital world still isn’t as secure as it should be.
Cybersecurity shouldn’t depend on whether I’m alert enough to spot a fake SMS.
It should rely on security solutions that assume people will get distracted, especially during festive seasons.
If authentication can evolve into something passwordless, unified, and based on real human presence, then one day sending e-hongbaos may feel as effortless as handing a red packet to a loved one.
We wish everyone a secure, seamless, and prosperous Lunar New Year.
