SMS Login Verification - Argh

[odysseus]

Except they ARE allowing other options. You (and others) seem to just be ignoring that fact.

View attachment 177684

Click I need to verify in another way and you get...

View attachment 177685

Umm... care to point out where I've ignored that?

 

[Daver6]

I'm against enforcement of only one type of security, without allowing for other circumstances.

Umm... care to point out where I've ignored that?

Or perhaps I've misunderstood. The way I read it you were implying it was SMS or nothing to be able to login. I was pointing out there are other methods available.

 

[Deleted member]

So I just read AFF newsletter, and you can op out of SMS by switching to security questions instead. So all the boo ha ha here for nothing? Is the AFF article correct?

I think you mean “brouhaha” and either way the two factor ID is a pain in the rear!

 

[Beano]

Do you have to pay for receiving SMS outside AU? We maintain a very low cost Australian SIM card (data roam always turned off) we use to receive SMS for authentication for several Australian banks ( which don't accept/work with overseas phone numbers) . We don't pay for incoming SMS, only outgoing. Main problem is if we forget to turn the phone off after we use it, someone calls and it gets diverted to voicemail - which costs $$$ if phone is on (but not if phone is off).

Works for me. I live in new Zealand and have an Australian phone account with no data roaming but I receive SMS. No cost, even when I havn't topped up my account.

 

[Beano]

I had to login with the security questions. Got as far as "Date of Joining". Didn't have my qantas card. OOPS. Found it and accessed my Qantas account.

 

[Beano]

I have no probel with the new security system. Just tales getting used to.

 

[falconea]

Well, this has annoyed me mightily for a different reason to most. Let me explain.

I'm partially deaf and can't understand voices over phones. For this reason I never give out my mobile number, because I don't want to risk someone attempting a voice call with something moderately important. Friends and co-workers have my number and they know to text me rather than try to call me.

If my phone actually does ring I assume it's of critical importance (eg hospital calling to tell me that Mr Falconea has just been admitted) and I grab the nearest random person to take the call for me.

So, Qantas has Mr Falconea's mobile number, not mine. And he has to forward SMSes to me, if he's available to do so at the time.

The older I get the grumpier I get about systems that interfere with my management of my disability. For me receiving calls is a major issue as well as a breach of my privacy. My boss once took a call that came in on my phone and got given the results of medical tests.

Audrey

 

[Chicken]

Well, this has annoyed me mightily for a different reason to most. Let me explain.
I'm partially deaf and can't understand voices over phones.

I think there are 2 problems here.

1: You can use the secret question answer option, in order to avoid the SMS option.
2: What you described is a good example of what happens when systems are designed by people not from disability or other minority background, and these problems should be raised, then challenged. If the secret question does not work for you, you should raise it with Qantas, and if they don't work with you, you should go all the way to the Disability Commissioner . Sometimes, you are just not taken seriously until you go all the way.

Further, if you have told Qantas, then Qantas should only contact you with the option which they are able to communicate with you, e.g. via TTY service (putting aside the problem with NBN and TTY)

It does work, like when the fed disability commissioner takes CityRail to court PM - Blind man sues NSW train service 13/08/2012

 

[Beano]

The SMS verifiaction was not on my laptop, but on a phone, (not my registed phone).

 

[Max Samuels]

Surely you can opt out of this rubbish. I hardly think FF points are something so valuable you need this kind of crazy security. Firstly, if you steal someone's points to book yourself a ticket.... you are dumb, because the ticket will be traced to you when you turn up to the airport to board the flight..... secondly, if someone "hacks" your account and sends the points to themselves, well, once again, there will be a trail of who dunnit as the recipient must also be a FF member and the airline knows where they live... literally.

This is quite different to bank account hacks, where someone can wire money to an OVERSEAS bank, which makes it much harder to trace.

Sounds to me like Qantas has doubled down on the "B" team they call IT... no doubt the idea of some second rate hack who doesn't really know what they are doing.....

 

[Chicken]

Surely you can opt out of this rubbish.

Yes you can, by switching to security questions and answers instead of SMS. It's in the AFF newsletter, and mentioned many times in this thread.

I hardly think FF points are something so valuable you need this kind of crazy security. Firstly, if you steal someone's points to book yourself a ticket....

trying telling this, to the victims in the ABC article I linked to earlier.

 

[jenib]

Except they ARE allowing other options. You (and others) seem to just be ignoring that fact.

View attachment 177684

Click I need to verify in another way and you get...

View attachment 177685

Except they didn't work for me when trying to check my mother's account at her request (she is on a cruise in Alaska). She finally received the text message 10 hours (not 10 minutes) after I tried to log in when she turned her phone back on once in port and awake! The alternative method (answering 3 out of 4 questions correctly) got a message that Qantas needed more information placed on her account. Not a huge deal and we will add extra info when she returns but given that we both get at least 5 emails a week from Qantas, the least they could have done is send a message to customers letting them know that this was going live this week!

 

[Max Samuels]

trying telling this, to the victims in the ABC article I linked to earlier.

I couldn't find it.... a lot of stuff about which phone companies don't charge for overseas SMS and fake news about that stuff etc.... would be keen to read it if you can be bothered to re-post the link.

In the meantime, unless these "victims" number in the 1000s, we are talking pretty low numbers yeah? There are 11 million QF members, billions of points moving around every year I would imagine.... I wonder how much of a "risk" this kind of fraud actually is, and whether it is worth it to implement such a stupid system.

Remember, points are not money. QF can give them away as they please. Double points promo? Let's do it! Missing points claim when the partner airline doesn't submit paperwork properly? Well they just credit you anyway "in good faith"! Banks, which are heavily regulated by things such as APRA, cannot just explain away mistakes by crediting your account with money, and don't ever offer "free" money as part of a promotion. Yet the security they use seems more sensible to me.

With my bank, for example, I'm only ever asked for 2FA when I am sending money to a new payee. QF could do something like that. Their system is immature and feels very much like the product of the work experience guys or the B team from some 2nd rate IT vendor..... I have been asked to "authenticate" even when using the Qantas app! On the same phone I have had for 2 years! The same one I use finger print to open - yet it sent me a SMS - and is so unintelligent that it couldn't read the SMS but I had to jump between screens and memorise the code to enter it into the QF app.... rookie mistakes.

 

[Beano]

Been there when the sms is sent to the same phone you need to login with. Sucks. You can copy and paste.

 

[Max Samuels]

You could always stop using telstra... voda and optus are basically giving away roaming with near unlimited data and free call and txt ofcourse

Hate to put a Telstra plug in.... but my current plan with Telstra is $80/mo, 90GB data and unlimited everything else incl roaming. The only restriction is roaming data is limited to 2GB month, and then $10 for extra 500MB.

 

[Beano]

Optus prepaid $10 for 5 days and I receive SMS anytime, anywhere, well at least in NZ and even when expired. Might be same for on-account, but SMS is not data.

 

[Chicken]

the least they could have done is send a message to customers letting them know that this was going live this week!

I totally agree. They should have sent comms out at least a month in advance. They have been bombing my e-mail with junk everyday, yet they couldn't send 1 single comm out about this. This is poor form. If I did this at my work, I would get more than a boot up my blackhole.

would be keen to read it if you can be bothered to re-post the link.

How enduring power of attorney documents enable children to rip off the elderly (16 Dec 2018 ABC)

The theme of that story, is younger / more computer and legal stuffs OK relos, are stealing from older / less computer OK / less legal OK relos. This story makes me angry, but well, human nature.

In the meantime, unless these "victims" number in the 1000s, we are talking pretty low numbers yeah? There are 11 million QF members, billions of points moving around every year I would imagine.... I wonder how much of a "risk" this kind of fraud actually is, and whether it is worth it to implement such a stupid system.

Imagine just 1 example of this, son stealing points and pretending to be retired father with life time gold, used his points, fly, lounge. A year later, father found all his points emptied out. Herald Sun, Today Tonight. What sort of a PR mess is Qantas going to have to clean up?

And imagine if you were the person in QF who made the call not to go live with this SMS for now (sure, there maybe better options, but this is the cheapest quickest off the shelf solution you could get, that's all the resources and budget you had). Now, go explain to your boss, how you made the decision not to implement this, and have your boss go and face the people up there. Awkward is the least of your problem.

Their system is immature and feels very much like the product of the work experience guys or the B team from some 2nd rate IT vendor.....

Exactly, which is why, I would rather they use their resources on things like flight search engines and what not. So many banks are using SMS, 1 more is not going to, I don't know, end of the world?

 

[drron]

Surely you can opt out of this rubbish. I hardly think FF points are something so valuable you need this kind of crazy security. Firstly, if you steal someone's points to book yourself a ticket.... you are dumb, because the ticket will be traced to you when you turn up to the airport to board the flight..... secondly, if someone "hacks" your account and sends the points to themselves, well, once again, there will be a trail of who dunnit as the recipient must also be a FF member and the airline knows where they live... literally.

This is quite different to bank account hacks, where someone can wire money to an OVERSEAS bank, which makes it much harder to trace.

Sounds to me like Qantas has doubled down on the "B" team they call IT... no doubt the idea of some second rate hack who doesn't really know what they are doing.....

Except that the people who steal points can be those who on sell the points to some unsuspecting individual or to dodgy on line agents so the person turning up for the flight is also a victim who pays a high price for being the victim of a scam.
The thief will have covered their tracks.

 

[Max Samuels]

Except that the people who steal points can be those who on sell the points to some unsuspecting individual or to dodgy on line agents so the person turning up for the flight is also a victim who pays a high price for being the victim of a scam.
The thief will have covered their tracks.

Evidence please. Happy to consider this scenario with some evidence.....

So the suggestion is that some poor person buys a ticket from a "travel agent", pays cash for the ticket, but the travel agent actually uses stolen points instead of the cash? And when the victim receives the e-ticket he/she is so stupid they don't see that the amount is $36 instead of the amount he/she was quoted? Unless of course the dodgy travel agent doctored up the e-ticket to hide this fraud.... in which case this is just so convoluted and so many laws have been broken that the stealing of points is the least of your concerns. If such a travel agent existed, why go through the trouble of using stolen points to issue a ticket for which you have doctored anyway? One might as well take the cash and just create a false ticket.....

 

[Beano]

Yipee, I'm now a "member". This was my "Status Run"