MikeG
Active Member
- Joined
- Mar 20, 2005
- Posts
- 745
- Qantas
- Gold
- Virgin
- Red
- Oneworld
- Sapphire
I think just beefing up their password strength and requiring password changes every 12 months would be enough.
Also if the user logs in from a new IP address, certainly have an email confirmation sent, which the user needs to click a button in the email to allow that IP address access would be enough to cater for hack attempts. Of course, if someone wants into your account bad enough they can spoof your IP address or hack your email to work around this - nothing is infallible, but you want to ensure you make it hard for them without adversely affecting the user experience (which Qantas obviously doesn't really understand)
Also if the user logs in from a new IP address, certainly have an email confirmation sent, which the user needs to click a button in the email to allow that IP address access would be enough to cater for hack attempts. Of course, if someone wants into your account bad enough they can spoof your IP address or hack your email to work around this - nothing is infallible, but you want to ensure you make it hard for them without adversely affecting the user experience (which Qantas obviously doesn't really understand)