SMS Login Verification - Argh

[get me outta here]

If I get an o/s sim that I can activate before leaving Aus and find out the number, I then change the contact number in QF acct before departure ( and remember to change back upon return). Once o/s if not using my Aus sim, I haven’t worked that out. Email notice would be good, how to achieve that?
Same prob w’ QF Money - a card that is generally a nuisance and will be disposed of ASAP.

If I do go overseas and use a local overseas SIM, when, where, and how do I update my mobile number so the sms verifications come through to my overseas number?

 

[ellen10]

Hmmm, I think I need to investigate this further for our overseas trip next month.

 

[Mattg]

I agree that the 2FA is annoying. I understand the security need for it, but it would be good if you could opt in/out and it only came up if you tried to actually make a redemption/change account details, rather than just when trying to log in.

When the SMS request happened On Monday 15th July around 4pm, it did offer a question with a link underneath
“Do you wish to verify in another way.”

You can choose to set up security questions and use those instead of SMS verification. I've just set up my 3 questions. (Annoying, I had to enter a verification code to be able to set the questions.)

 

[get me outta here]

I just set up security Qs and logged in with no sms or Qs needed. But then, I don't always get the sms though.

 

[Fergo747]

You definitely don't want to deal with Citibank - someone there has the mindset that it has to be used for every. single. thing. With no alternative.

Trying not to be too off topic, but it's not the only way with Citi - there is mobile token also .

 

[mattm199]

Also comes up when using AwardWallet to check balances.
The app asks for security questions; but also triggered the SMS verification code being sent.
(also see that Woolworths EDR now requires an SMS verification as well for AW to check)

 

[Daver6]

Like Google doesn't already know enough about you ...

You don't have to use Google authenticator though. Can use any number of authenticator apps. I quite like Authy personally. User choice.

 

[sudoer]

Like Google doesn't already know enough about you ...

Google Authenticator doesn't sync with the cloud, but if you're that paranoid just use another open source TOTP client. (e.g. andOTP)

IMO it would also make sense to build TOTP functionality into the Qantas app itself, like Facebook, Steam and others have done. No network required and most active FFs would have the app already installed.

 

[Cool Cat Phil]

Don’t most Australian Banks also use SMS security for internet banking purposes as a method to secure individual bank accounts?

 

[Kiwi_Flyer]

No sms needed for me to log in using the QF NZ website.

 

[k_sheep]

About time they strengthened their security - but why when you are just logging in?

If money or points are changing hand then absolutely. But for general browsing? So annoying.

 

[Pushka]

Don’t most Australian Banks also use SMS security for internet banking purposes as a method to secure individual bank accounts?

Only for transactions where the receiver hasn’t been pre authorised.

 

[AustraliaPoochie]

Very odd, because I am of late, up to yesterday, still able to log into my QFF account, and not QTMC (that one does need the 2fa), but logging into my QFF account, still no sms needed.
Maybe its good that way, or maybe its "bad" as in the sense, my computer is at risk of my QFF account being sucked dry.
But at the least, for those of you who are not travelling overseas, and having the needed sms to log into QFF, others will not be able to suck your QFF account of points, for rewards being requested not authorised by you/points usage by others not authorised by you.
As a point of interest, the log in at the top always has my name there already, so maybe I didn't click log out all the way.
Probably if I close the QFF page, totally close, it would just be a generic "log into your account" at the top without my name being there.
Right now it reads, "Poochie, log into your account now...", or something like that.
And I am sure that this is not my QTMC account, its my QFF account.

 

[trippin_the_rift]

Don’t most Australian Banks also use SMS security for internet banking purposes as a method to secure individual bank accounts?

I don't remember the last time an AU bank sent me an SMS.
Come to think of it..... no SMS in Hong Kong or Malaysia banks either. Everyone has moved to in app verification which makes A LOT MORE SENSE as it's cheaper, more reliable, and often faster.

About time they strengthened their security - but why when you are just logging in?
If money or points are changing hand then absolutely. But for general browsing? So annoying.

Exactly!

As for the verify by other methods:
- Who the heck knows what date they joined QFF? I can't even find out where to see it once logged in.
- No way to return to SMS verification once clicking verify via another method
- In the mobile app, my cell# is listed as my Australian#, but the SMS verification code is being sent to my Hong Kong#. Why not allow me to select which #?

The 3 security questions inside 'Contact Details'.... even worse. Who the heck knows what any of those responses would be? Enter own question and enter own answer would be MUCH more secure.

What is worse than if you get locked out of the account you need to call Qantas.
I guess most folks getting locked out would be OUT OF THE COUNTRY - where calling Qantas is the last thing they want to do.

You want Qantas to have your fingerprint???

The device intelligence platform | Fingerprint

The Fingerprint device intelligence platform works across web and mobile applications to identify all visitors with 99.5% accuracy — even if they’re anonymous.

fingerprintjs.com

There are other versions of the same concept. Basically, it tags your computer so airlines (and the companies that airlines sell your data to) can track you around the internet. It was designed and is useful for fraud detection, but the commercial application (aka data sales economy) is where it's most prevalent.


The whole SMS verification thing is a MASSIVE backwards step for Qantas and it destroys the customer experience significantly.

 

[zig]

Like @Pushka I have been dealing with this sms verification for at least 18 months, maybe longer. It doesn't generate a verification sms on every login, but on a seemingly random basis.
I'm interested in the security questions - is this a new thing, and is it an alternative to the sms?

 

[Myrna]

Encountered this problem yesterday with hubby's QFF account. Was updating awardwallet, first time saw it asked for a secret question, answered it however account was not updated by AW. Then later in the evening hubby said there was a strange text from QF giving him a code, he thought someone had hacked this account. So, I logged into his account, and provided the code, but it refused to accept it and LOCKED his account Now, have to figure out how to unlock it etc

 

[Flying mermaid]

This is awful. Just logged into Mr FM’s account and had to get a code from him. It means I will no longer be able to log in to Ms FM and Dr FM’s accounts and do things for them, which is really annoying (like choose seats for them at T-80, as they are working and don’t have the ability to do it). I am all for security, but just on login seems a bit over the top

Interesting- having put the code in once I can then logout and login again without getting an SMS with a code again. I wonder what happens tomorrow - will have to try it.

 

[Pushka]

It seems I've been selected for the trial. Multiple times yesterday I received a text and had to insert the texted number to log in. It did suggest there was an alternate if the associated phone wasn't handy. NAB introduced a similar scheme, without notice a few years ago while we were overseas. It impacted awfully on our business including processing payroll. Had to pay a lot of $ to call them direct to sort it out.

Just thinking. This would be a pain in the butt as I often make bookings for MrP via his account. I wouldn't be able to do this in future.

Yep, posted this back in early 2017.

 

[nlagalle]

In using this page just now

Fly with Australia’s most popular airline | Qantas AU. And searching for flight to Perth isn’t classic rewards it brings up the log-in, popped in the details and it worked as usual

When the SMS request happened On Monday 15th July around 4pm, it did offer a question with a link underneath
“Do you wish to verify in another way.”

Yes you can answer those questions (and also use it for Award Wallet)..

 

[nlagalle]

This is awful. Just logged into Mr FM’s account and had to get a code from him. It means I will no longer be able to log in to Ms FM and Dr FM’s accounts and do things for them, which is really annoying (like choose seats for them at T-80, as they are working and don’t have the ability to do it). I am all for security, but just on login seems a bit over the top

Interesting- having put the code in once I can then logout and login again without getting an SMS with a code again. I wonder what happens tomorrow - will have to try it.

The site remembers your browser so once you enter the code its fine for at least a month or more. I manage several accounts on my main laptop this way.