SMS Login Verification - Argh

Status
Not open for further replies.
It’s a solution and one I will suggest to Ms FM and Dr FM, but I can see that there will be a lot of swapping of phone numbers as there will be times when they want their own in there :(
You can still list their phone numbers as the contact when travelling - perhaps change the number in that booking after departure? Though I had an experience with a relative who had a travel disruption overseas - they didn't contact QF, they contacted me as their "travel agent" and wanted me to make whatever changes to the booking were necessary to fix it!
 
So frustrating for a provider of travel services to do this! I certainly don't pay to have my phone working overseas, it's insanely expensive. Before leaving, I have to remember to do any payments from my bank account I'll need to be able to do (like putting more cash in my Citi Debit plus card) as my bank sends an SMS verification whenever you pay someone "new". I was trying to vote in the NSW election in March from the US, and had set everything up, I thought, but noooo there was some SMS thing. FFS!
 
You can still list their phone numbers as the contact when travelling - perhaps change the number in that booking after departure? Though I had an experience with a relative who had a travel disruption overseas - they didn't contact QF, they contacted me as their "travel agent" and wanted me to make whatever changes to the booking were necessary to fix it!
ok - sounds like a plan - and Dr FM also tends to contact me if things go wrong, as she knows I have the experience!
 
....This is exactly what this SMS is trying to prevent, you going into your relo's accounts without their authority. On top of breaking whatever T&C on log in / security, it is to ensure that the account owner is aware what you are doing to their account, whenever you log in. This is a big problem with the divorced, and also a big problem with kids doing fraud to their older parents.

How enduring power of attorney documents enable children to rip off the elderly (16DEC2018 ABC)

This is why I submitted written authority to Qantas many years ago for the accounts I manage.

In my line of business I don’t bend the rules.
 
This is why I submitted written authority to Qantas many years ago for the accounts I manage.

In my line of business I don’t bend the rules.

So why not just change all the phone numbers to your phone, so you get the SMS without having to bother the original account owner?

I really don't know why everyone is willing to lose so many body cells over this SMS?

80% of the general population knows how to use SMS authentication. 95% of the population doesn't know how to use keygen (hardware or app), nor Google authenticator.

IT picked SMS cos most people know how to use it, doomed (just look at the responses here). They implement something like app keygen, people would then complain because they use Windows Phones. They implement hardware keygen, and people complain they don't want to bring a piece of hardware. Worst of all, every time something happens, it is IT who is made the evil people and they are hung out to dry (on TV, radio, whatever).

Of course this SMS is annoying; but is losing all your points less annoying?

Of course there are more secure and easier ways to do this; but are you going to learn how to use it? Or are you just going to complain again?

People need to just put things into perspective, and look at the question here from EVERY angle, not just their own angle.

And, to round this out, kids are already stealing things from parents (read the ABC article I posted earlier in this thread), and it is getting the attention of TV, newspapers and lawyers. If you guys are so against a tiny SMS, sure, let's just have 1 child steal some points from the parent's QF account, and let it go on TV. Qantas is going to lock down their system so hard, we are all going to regret fighting against this SMS thing.

Be VERY careful what you wish for.
 

Ok, I'm intrigued, what job do you have, seeing as you mention it? :D

My day job is in process and controls. Controls is really about preventing things from going wrong in the first place. The belief is, it is better to stop all possibilities for things to go wrong, before things go wrong, because cleaning up is going to be painful, painful in so many ways.

Which brings me back to my edited last post.

Sure, let's go fight against this SMS thing, so the ABC story I posted would repeat itself, some person gonna steal points from their parent, TV stations are going to be saying QF has bad security, then Qantas would lock down so hard we would not know what hit us.

Be careful what you wish for, sometimes, really.
 

Ok, so I'm trying to work out what all the fuss here is. Out of curiosity, I clicked the button that said 'verify another way' (or similar) and was presented with the following:

[Attachment 177219]

Now if you can't answer:
- the DOB of the person
- the postcode per the user's details
- date of joining (it's found on your FF card)
- the security question (which can be updated in your profile: My Account > Personal Information > Security Questions)

Then I daresay that you shouldn't be accessing said person's account. Don't get me wrong, it's certainly not user friendly, but there is an alternative way to access without needing to receive an SMS.
 
Incorrect. You do not need mobile data for SMS service (that is send and receive). SMS are not transmitted over data network.
I see the statement SMS does not use data, maybe,
Having had a phone that once was the size of a brick on a plan that cost less than a latte / month and mobile data was a print out in the brief case - it may amaze some that we started receiving excess data usage charges -
(telco) oh that's for sms - we can't send them phone only - oh it's for receiving them. - not my cost refund plse
how did we know - it lived in the glove box just in case the car broke down and was not used
it may be fractions of a cent now but it may be there - a minor cost.
seriously though:-
now I must have my phone so I can agree to pay the extra fees and charges for an award gift QFF seat!!?

Just returned from a trip to the Middle East where the phone got lost ( and returned in the mail ) glad I didn't need an update on a flight or to make a change
read the phone forums - number 1 advice if going o/s pull sim out to avoid bad telco bills


What I really truly want is a Virgin we swap your QFF points for equivalent Virgin points and I'm gone -
over being drip charged for bookings, paid or points then told you're only getting a free flight -it's a lucky dip.
:-(
(next year a verification fee ??? + visa charge?)

have fun
newbie since before 2009
 
In relation to logging in, there's an "I need to verify another way" link at the bottom. If you don't have access to your phone, just use that method of verification, which is the security questions. Logging in is the only time for me that they send an SMS. I don't receive a verification code to change details etc (maybe because they already verified during login).
 
Could QF do a fingerprint?


Yes, this was mentioned before, and no this is not practical.

1: What if your PC doesn't have a fingerprint reader?
2: There is now a test case that you own your fingerprint, and people can't make you hand it over : Jeremy was fired for refusing fingerprinting at work. His case led to an 'extraordinary' unfair dismissal ruling (21 May 2019 ABC)

Fingerprint is a minefield. Anything to do with biometrics is a minefield. It is currently easier to just not go down this path.

On a side note, I don't know why or how, but I was walking around the office 2 weeks ago and noticed someone sticky taped the web cam on their notebook computer. I was like, wow. So I then did a walk around of the office, and noticed around 30 to 40% of people have covered up their web cams.

No, I don't work in an IT or security company. In fact, IT here is, um, let's just say, not crash hot. Think about the resistance you get if Qantas was to introduce biometrics.
 
Surely mother's maiden name is a joke! How hard is it to find that out from things one used to answer years ago. My daughter's mother's maiden name is part of her name, and it is a short step then to get my name. The other info options will be easy to get once and reuse. This seems to be easy now that example below is shown on how to get into an acct.

Ok, so I'm trying to work out what all the fuss here is. Out of curiosity, I clicked the button that said 'verify another way' (or similar) and was presented with the following:

[Attachment 177219]

Now if you can't answer:
- the DOB of the person
- the postcode per the user's details
- date of joining (it's found on your FF card)
- the security question (which can be updated in your profile: My Account > Personal Information > Security Questions)

Then I daresay that you shouldn't be accessing said person's account. Don't get me wrong, it's certainly not user friendly, but there is an alternative way to access without needing to receive an SMS.
 
Surely mother's maiden name is a joke! How hard is it to find that out from things one used to answer years ago. My daughter's mother's maiden name is part of her name, and it is a short step then to get my name. The other info options will be easy to get once and reuse. This seems to be easy now that example below is shown on how to get into an acct.

Yep, which is why I found Suncorp Metway a breath of fresh air.

I called Suncorp a few times a while ago (they are only my back up bank), and I was asked questions like 'tell me the last transaction you did to your account' and 'tell me where do you use your card most, name the shop'. I would say, these are the most challenging questions, yet relatively easy to answer.
 
It's good that they're trying to improve security but they really should have started by switching to proper passwords instead of a 4-digit PIN number to login with.
 
It's good that they're trying to improve security but they really should have started by switching to proper passwords instead of a 4-digit PIN number to login with.

Haha, and move to single log in. It is stupid and confusing for users to have 3 different passwords for Qantas / Qantas Business / Qantas money.
 
Haha, and move to single log in. It is stupid and confusing for users to have 3 different passwords for Qantas / Qantas Business / Qantas money.
VERY good point. I love that Qantaswines is directly linked to your QFF login so please please please have this with the other assets as well. But from my own work experience, I know how damn hard these things are internally- never anything like this is as easy as it seems to the Customer from the outside.
 
Haha, and move to single log in. It is stupid and confusing for users to have 3 different passwords for Qantas / Qantas Business / Qantas money.

The problem with QF Money is that it's actually Citibank. Not sure how well the QF and Citi systems would link.......
 
Haha, and move to single log in. It is stupid and confusing for users to have 3 different passwords for Qantas / Qantas Business / Qantas money.
Baby steps ;)

In all seriousness, I can understand why QF (and most banks) are using SMS as 2FA. It just works. It's not a fantastic security solution (mobile porting fraud has become a serious problem) and it does have drawbacks (availability of roaming/coverage) but it's a hell of an improvement over nothing. Anyone using an SMS solution knows that as long as they have the customer's mobile phone number, they'll be able to receive SMS, they don't know that about authentication apps since phones like these are still very popular among the retired sector. Authenticator apps generally also require tech support to be available and my understanding is that QF have enough of a problem answering the phone as it is.

In a perfect world QF would start to offer several options, such as using a TOTP Authenticator app with fallback to SMS, then to email, then to questions. But since they can't seem to manage to migrate to SSO or using actual passwords it's probably too much to hope that they'll suddenly get a sophisticated online security infrastructure.
 