A new SFC circular gives internet brokers and licensed virtual-asset platforms 12 months to replace OTP logins with phishing-resistant authentication such as passkeys, and warns firms they will be held accountable for client losses from preventable hacks. The post Hong Kong Orders Brokers and Crypto