QF trialling two-factor authentication for QFF accounts

[ajd]

They're coming after your frequent flyer points

"Qantas won't divulge just how common frequent flyer identity theft is, but it's common. (The airline, like the banks being a bit vague about the extent of credit card fraud, says it's a security issue, not wanting to encourage the criminals. I suspect it's also a little embarrassing.)
Qantas is fighting back by beefing up its cyber security. Starting from Thursday, it's rolling out a trial of "a second-factor authentication process" – geek speak for texting you a code before you can log on to your account, the same way banks SMS a security code for many online payments."

 

[RichardMEL]

That will be great except if you need to do stuff O/S and aren't roaming, but still good.. it's about bloody time they improved on the 4 digit PIN.

 

[Basalt]

About time! Long overdue IMO and the opinion of many others here. 4 miserable digits just isn't enough these days....

 

[trippin_the_rift]

Given many members are always overseas travelling, SMS isn't the brightest idea.

 

[Dr Ralph]

Given many members are always overseas travelling, SMS isn't the brightest idea.

Possibly. But how often do you need to access you QFF account whilst overseas?

It's no different to bank authentication when overseas.

 

[snabbu]

TFA for airlines makes no sense to me. Just increase the complexity requirements of the password, problem solved.

 

[RichardMEL]

Given many members are always overseas travelling, SMS isn't the brightest idea.

Well maybe they will offer an alternative method.

I know some sites have things like security questions to authenticate browsers/devices and the like. We'll just have to wait and see I guess

Given it seems that it's only going to be for some functions, like probably award bookings or any points transactions rather than just looking at the balance maybe it won't be so onerous. Plus one presumes the app will be integrated better to, for example, provide a degree of trust on the users device (which I know is a pro as well as a con)

any move to improve security of accounts is a plus.

 

[opusman]

About time they did something to improve security, but SMS is not ideal given people are often overseas. There are better ways (e.g. authenticator apps).

 

[ajd]

TFA for airlines makes no sense to me. Just increase the complexity requirements of the password, problem solved.

Increasing password length etc is probably a good idea, but it addresses a very different set of security risks from 2FA.

I would agree with with opusman's suggestion of using an authenticator app, at least as an additional option. They could also potentially consider an emailed security code or login link (which quite a few sites like Steam use) to address some of the issues of SMS while roaming.

 

[Daver6]

TFA for airlines makes no sense to me. Just increase the complexity requirements of the password, problem solved.

Not at all. While 4 digits is a joke, 2FA solves a different problem.

If they use Google authenticator it gets around the roaming overseas issue.

 

[Bundy Bear]

Possibly. But how often do you need to access you QFF account whilst overseas?

It's no different to bank authentication when overseas.

Its when you are overseas and something goes wrong that you want access to the account.

SMS won't work for some people especially in another country where your number that you have registered with doesn't work.

 

[breakNegg]

I reckon its a great idea but Options should be supplied to suit the user

 

[dajop]

The other question is will it support overseas registered mobiles. One assumes it must as membership is diverse.

 

[Daver6]

There is much more to 2FA than sending a code via SMS. As I previously mentioned, Google authenticator is one such option. Every 60 seconds it creates a new 6 digit code. No internet connection required for this.

 

[Vic]

should match the banks - code for payment - sms code to use points. Then account can be accessed without code while overseas.

 

[zig]

I'm definitely in favour of increasing password complexity, but am not a fan of the sms code option. I hope they come up with another option.

 

[Hvr]

My Yahoo mail has 2FA when used from a new Internet address. I can choose to receive an SMS code or a code via another email address.

Works for me.

 

[mviy]

I would need an authenticator app option. My phone doesn't roam whilst overseas.

Two-factor authentication will make improving seat selection for family members that much more difficult.

 

[Sdtravel]

Sign me up now!!

Could be email or something with the qantas app.

My Microsoft account asks me for my back up email address and only hints part of it eg sd****@gm***.com and then sends a code to that. Although that also creates a loop or logging into other accounts overseas.
I use DUO for work for all my 2fa. Can do either push notifications, code from the app, sms or call me and dictate the code. The service costs but the code and push notifications are something that could work.
But works just as google authentication.

 

[trippin_the_rift]

Possibly. But how often do you need to access you QFF account whilst overseas?

It's no different to bank authentication when overseas.

More than you might think!

Bank auth while overseas isn't the best experience. I don't know about you but I have about 10 of those tokens. One recently had the battery die. It sucks.