For a site/service that deals in such important personal information and huge $$$ value of transactions... the security on QFF is abysmal, boarding on negligent. The only thing between Users and Hackers is a pathetically weak four digit PIN. Probably stored in plain-text at the back-end.
Which is why I will never store any payment details in my QFF account, despite the total PITA of having to enter manually every time I make a booking.
QF made decent money this year.... wish they would use some of it to upgrade the security of the QFF website login to a minimum of allowing LONG & STRONG passwords and the option to enable 2FA.
I realise QF is not alone here.... many of the other airline and travel sites I use have the same low-bar security measure, prioritising user convenience over user security. But for an enterprise the size of QF.... this should not be a hard decision, nor hard to do.