Security Token

Security token is introduced to strengthen the overall security level for system login by registered users. The OTP gives stronger authentication mechanism, at the same time, allows users to handle related user administration in a more efficient and convenient manner.

Software tokens have many benefits over hardware tokens. These include:-

• Portable - Instead of carrying around an extra piece of hardware, a software application can run on a variety of devices (smartphones, tablets);
• Flexible - Software token is even more favorable to multi-roles user since the software application adopted by ESS can accommodate up to ten users’ tokens;
• Durable - No regular renewal is necessary since software tokens do not have limitation on hardware life cycle;
• Less hassle - Software tokens can be distributed to users instantly with no restrictions are imposed on concerning shipping hardware tokens; and
• Market trend – The financial sector is generally moving away from hardware to software tokens.

In short, software tokens provide strong security, a more convenient and an improved customer experience. Therefore, the Exchange recommends the use of software tokens in ESS.

In exceptional circumstances, the Exchange may provide hardware tokens to an ESS user. However, ESS user would have to send a written explanation to the Exchange as to why it requires hardware tokens. The Exchange will consider the merit of such a request on a case by case basis.

The software token is a mobile application. You can download it for free to your mobile devices. To download, go to your device’s application store and search for “SafeNet MobilePASS+” (MobilePASS+).


You can click HERE or the hyperlink “? Help” on the User Activation Page of ESS website for the instructions (including video tutorial) on how to set up the security token.

For security reasons and to protect your interest, please ensure NOT to use a jailbroken or rooted device to download and set up the MobilePASS+.

Yes. You can download the software application in an APK file and install it to your mobile device. The APK file can be downloaded from SafeNet MobilePASS+ website.

To download the APK file

• Use your mobile device, go to the SafeNET MobilePASS+ Direct Download website
  (https://supportportal.thalesgroup.com/csm/?sys_kb_id=486059bedbfa5c5080b23452399619c7&id=kb_article_view&sysparm_rank=2&sysparm_tsqueryId=9bfdfd28dbcbe490f0e3220805961959&sysparm_article=KB0022709) or scan the QR code below;
  
• Clicks on the link MobilePASS+ for Android “APK Download”;
• An application file in APK format will be downloaded to your mobile device; and
• Open the APK file to install the MobilePASS+.

Note: Actual steps may be different based on the model of your mobile device, please read and follow to the instructions as presented during installation.

Please make sure you have followed the instructions to set up your security token and completed the user activation process in the ESS. If not, even though your security token has been created, you cannot use the OTP generated by your security token to log into ESS. You should contact your company’s Security Officer for re-assignment of security token.

Please also ensure the date and time shown on your mobile device is the same as displayed on the login page of the ESS website. Since the OTP will be renewed in every 30 seconds, the date and time of your mobile device and ESS must be synchronized. Please configure the Date/Time setting on your mobile device as “automatically updated”.

As a back-up channel, you can login to ESS by requesting an OTP sent via SMS (please refer to “SMS One time Password SMS OTP”).

If you own more than one ESS user account, you can register multiple tokens within a single MobilePASS+ application in a mobile device. For example, if you have three ESS user accounts, you need to register three tokens in your mobile device. But only one MobilePASS+ application is required to be setup in your mobile device.

ESS users (other than ESS security officer) should immediately report to your company’s security officer to revoke your token to prevent unauthorized access. If you are ESS Security Officer, you should send an email request (including User ID, User Name, Company Name and request details e.g. revoke and re-assign a new token) to esshotline@hkex.com.hk. Please note that the email must be sent from your Security Officer’s registered email address. Once the security token has been revoked, it is no longer valid. You have to complete the token registration again when you have a new device or subsequently found your lost device.

Instructions for ESS Security Officer on how to revoke the lost token and assign a new token can be found in the Quick Guide (basic version) or User Manual for Authorised Person, Administrator, Security Officer and DI Users (extended version).

The above arrangements also apply to re-registration of security token in case an ESS user has deleted or incorrectly set up the MobilePASS+.

Since your software token is tied to your mobile device instead of your SIM card. No special arrangement is needed after you have changed the SIM card or mobile phone number on your software token activated device.

In case you have changed your mobile phone number, you must update it in the “My Profile” on ESS by clicking the “Profile Admin” option in the menu bar at the top of ESS screen to ensure you can continue to receive the SMS OTP.

Yes. If you have changed your mobile device, you should contact your ESS Security Officer to re-assign the security token and then activate it again in your new mobile device. You can refer to the Quick Guide (basic version) or User Manual for Authorised Person, Administrator, Security Officer and DI Users (extended version) on how to re-assign your software token.