SMS Login Verification - Argh

[trippin_the_rift]

Seriously who came up with the idea of SMS verification for login?

• Nobody wants to pay for receiving SMS while outside of Australia
• What % of Qantas members travel overseas and pick-up local sim cards?
• SMS are not free - Qantas is paying for each MT SMS. Even higher costs to some non-AU destinations
• Australia is one of the last remaining countries in the world still hanging on to SMS.

I may never login to my Qantas on the web, ever again.

Does anyone else find SMS log-in super annoying?

 

[Pushka]

I’ve been dealing with this since April 2 years ago (2017) as I was one of the ones ‘selected’ for a pilot study. My feedback told them it was awful and should be stopped. Where were you then when I posted here about this?

I consistently tweeted and messaged Qantas social team about it. A year ago the Qantas team stated that despite the negative feedback it was going to be rolled out. And which happened yesterday I think as I had to do this when booking my husbands flight.

 

[defurax]

Very annoying! At least they could use Google authenticator or something similar and never challenge you on the same device.

 

[Steady]

Very annoying - yes

 

[dajop]

Nobody wants to pay for receiving SMS while outside of Australia

Do you have to pay for receiving SMS outside AU? We maintain a very low cost Australian SIM card (data roam always turned off) we use to receive SMS for authentication for several Australian banks ( which don't accept/work with overseas phone numbers) . We don't pay for incoming SMS, only outgoing. Main problem is if we forget to turn the phone off after we use it, someone calls and it gets diverted to voicemail - which costs $$$ if phone is on (but not if phone is off).

 

[trippin_the_rift]

I could deal with a similar setup to Amex where the code is sent via email at the same time and it's up to the user to decide which platform they want to use for code retrieval.

How about recognising known devices, fingerprint2 type tracking, use some of that advanced "machine learning AI technology startup innovation blockchain cloud" (wherever buzzword they're using now) stuff to figure out if it's really the user logging into the account?

The only reason I can think of that QF uses such backward idea is their insurance company won't cover data loss unless it's "protected by sms".

Really really poor user experience QF.

 

[Isochronous]

For those of us that have linked foreign numbers to QFF I wonder how much international SMS is costing them - especially when triggered regularly by Awardwallet updates etc.

 

[kpro]

Nobody wants to pay for receiving SMS while outside of Australia

I've never seen a plan, pre-paid or post-paid which charges to receive SMS while roaming.

What % of Qantas members travel overseas and pick-up local sim cards?

Rarely, roaming costs have gone down so much in the past few years. I haven't picked up a local sim when overseas since 2016, and even then I still had my Australian sim on me.

SMS are not free - Qantas is paying for each MT SMS. Even higher costs to some non-AU destinations

Cost is minimal per SMS, but agree it does add up.

Australia is one of the last remaining countries in the world still hanging on to SMS.

This is possible. I'd say from a texting perspective, most people in Australia will have moved to WhatsApp or similar. For marketing purposes it's still popular here.

Even so, I think Qantas should introduce a choice for alternative 2FA authentication. SMS should be kept as an option as I suspect some of QFF's target demographic may not have smartphones or be willing to download a 2FA app.

 

[Bundy Bear]

Ah thats going to suck; just tried it myself.

Going to make it hard for those who look after our parents frequent Flyer accounts.

Not happy Qantas.

 

[Chicken]

Nobody wants to pay for receiving SMS while outside of Australia

Actually, phone companies do not charge for receiving SMS when you roam overseas. You only pay when you receive a call, as you need the calls to be forwarded from Australia to wherever you were.

At least they could use Google authenticator

Like Google doesn't already know enough about you ...

I could deal with a similar setup to Amex where the code is sent via email at the same time
How about recognising known devices

I think both are good, like PayPal and Google, where you get challenged if you use a browser without a left over cookie, or if you log in from a different country.

fingerprint2 type tracking

You want Qantas to have your fingerprint???

The only reason I can think of that QF uses such backward idea is their insurance company won't cover data loss unless it's "protected by sms".

It is easier to just implement 1 thing as a catch all, then having to implement fuzzy logic using a combination of cookies and IP locations. Well, not easier, but lazy lower cost.

Really really poor user experience QF.

Meah. It's not like you log into Qantas everyday. Internet banking on the other hand ......

 

[Kerrodt]

No authentication seems to be getting sought if you use the app to access QFF and are already logged in on the app.

 

[Pushka]

Do you have to pay for receiving SMS outside AU? We maintain a very low cost Australian SIM card (data roam always turned off) we use to receive SMS for authentication for several Australian banks ( which don't accept/work with overseas phone numbers) . We don't pay for incoming SMS, only outgoing. Main problem is if we forget to turn the phone off after we use it, someone calls and it gets diverted to voicemail - which costs $$$ if phone is on (but not if phone is off).

We don’t receive the sms overseas if only on wifi. Annoying.

 

[Kerrodt]

If I do go overseas and use a local overseas SIM, when, where, and how do I update my mobile number so the sms verifications come through to my overseas number?

 

[opusman]

1. Get a cheap second SIM that you only use for SMS (e.g. Amaysim $10 for 365 days)
2. Get a cheap Android phone
3. Install an app that forwards SMS messages from that phone to your real phone via the Internet
4. Leave SMS phone at home and forget about it

 

[odysseus]

Oh absolutely.

You definitely don't want to deal with Citibank - someone there has the mindset that it has to be used for every. single. thing. With no alternative.

 

[dajop]

Oh absolutely.

You definitely don't want to deal with Citibank - someone there has the mindset that it has to be used for every. single. thing. With no alternative.

Citi's behind the times in Australia then? Citibank Singapore gives you a choice of SMS, security token or Mobile Token (generated using an App on your phone, but you don't need to have mobile online to generate the token, can do in Airplane mode).

 

[oz_mark]

It's a bit strange that Qantas Business Rewards offers SMS or email, but QFF don't.

 

[AustraliaPoochie]

Its only QF cash/QFTMcard that has that, eh?
I do log into my QFF account, and no sms on that one, which I feel is more important that the sms 2fa need/needed for the QFTMcard.
I guess its a means for them to verify that you are indeed you, but I do see your point if a person is overseas with a roaming plan, it will be $$$, or if a person buys an (while) overseas sim, and provides the sim phone number, but for no sms to arrive...
But what can we do?
QF had/has decided to do it, your moaning on here, or our discussions is not going to change anything.
I think though, that QF should also have 2fa when a person is about to utilise points, to make sure the caller is legit with the phone number on their account, (of course, not good if a person (real QFF member, is overseas!).

 

[CaptJCool]

In using this page just now

Fly with Australia’s most popular airline | Qantas AU. And searching for flight to Perth isn’t classic rewards it brings up the log-in, popped in the details and it worked as usual

When the SMS request happened On Monday 15th July around 4pm, it did offer a question with a link underneath
“Do you wish to verify in another way.”

 

[Pushka]

Its only QF cash/QFTMcard that has that, eh?
I do log into my QFF account, and no sms on that one, which I feel is more important that the sms 2fa need/needed for the QFTMcard.
I guess its a means for them to verify that you are indeed you, but I do see your point if a person is overseas with a roaming plan, it will be $$$, or if a person buys an (while) overseas sim, and provides the sim phone number, but for no sms to arrive...
But what can we do?
QF had/has decided to do it, your moaning on here, or our discussions is not going to change anything.
I think though, that QF should also have 2fa when a person is about to utilise points, to make sure the caller is legit with the phone number on their account, (of course, not good if a person (real QFF member, is overseas!).

Not sure what you are talking about but I’ve had sms for QFF for over 2 years now as part of the pilot and it’s just been extended throughout the programme for all despite the negative feedback. And you can verify using birthdate and postcode.

Given I’ve been posting about this annoyance since then it might have been good if others had have taken up their umbrage then and it might have been stopped.