SMS Login Verification - Argh

Status
Not open for further replies.
This was some time ago, 2010 ish that I can remember, and earlier. No issue now, just don't agreed with the claim that Australian telcos have never charged to receive SMS

Telstra definitely charged to receive incoming SMS when overseas. I’m not sure when it stopped. Possibly the last 5 years or so. I would have old company phone bills in our archives which prove it.
 
Depending on your account there is still a charge from any telco to receive SMS when overseas. I also remeber when there was a charge to recieve a mobile phone call, even junk calls.
 
Telstra definitely charged to receive incoming SMS when overseas. I’m not sure when it stopped. Possibly the last 5 years or so. I would have old company phone bills in our archives which prove it.

It's been at least 10 years since the major Australian carriers charged to receive SMS while roaming. I lived overseas from late 2010 to early 2012 and researched it quite thoroughly before leaving. Threads on Whirlpool from the time confirm it was the case..


I'm sure it would have been charged at one point though.

Anyway, back on topic - I've set up TOTP 2FA and while it's working fine, the QR code data disappointingly includes my QFF number. Considering QF tell us to be careful with our QFF numbers and they've since removed it from BPs for privacy reasons, I'm surprised they decided to include it.

If someone were to have access to my (unlocked) phone, we're back in the position where they just need to guess a bloody 4-digit number. Frustrating.
 
Sponsored Post

Struggling to use your Frequent Flyer Points?

Frequent Flyer Concierge takes the hard work out of finding award availability and redeeming your frequent flyer or credit card points for flights.

Using their expert knowledge and specialised tools, the Frequent Flyer Concierge team at Frequent Flyer Concierge will help you book a great trip that maximises the value for your points.

I noticed in my account update email today they announced you can use an authenticator app

About time. I just set mine!

I don't use my AU SIM whilst overseas so it has been a massive pain whenever I needed to log in.
 
OOPS, Many apologies. I am on prepay Australian account with no roaming but live in NZ. My account is curently not topped up, and you will understand why, and until the SIM expires it seems I can receice SMS. Apologies again. Obviously I can't send an SMS nor receive phone calls.

or make phone calls.
 
Last edited by a moderator:
Anyway, I haven't recieved the verification email from Qantas.
 
I have been getting into my account, by answering challenge questions. So, what's the point of this app? And why all the complains here? Have I missed something?
 
Can you sign up to use the authenticator app from the Qantas app, or do you have to use the full web site? I rarely get either the SMS or the challenge questions - it usually just goes through fine with the PIN - so I'm less affected than some people in this tread.

@Chicken , note that challenge questions are quite insecure (even worse than SMS), so the move to Authenticator apps, which is one of the best forms of 2-factor authentication, is being applauded in terms of increasing the security of the account.
 
@Chicken , note that challenge questions are quite insecure (even worse than SMS), so the move to Authenticator apps, which is one of the best forms of 2-factor authentication, is being applauded in terms of increasing the security of the account.

When I log in, I have to provide the 4 digit PIN, then presented with a challenge question.

For what it is worth, the 4 digit PIN was generated by my password generator (Keepass), and if I am really worried, I could simply get my password generator to generate a random password for each question, so it would be extremely secure.

Hence, I don't know why are people complaining about SMS and mobile app?
 
if I am really worried, I could simply get my password generator to generate a random password for each question, so it would be extremely secure.
Fair point - I did mean that if challenge questions were taken at face value and actually answered accurately, they pose a risk.

I use a fake birthdate for non-important web sites that ask for it, as a simple obfuscation point. As you note, you could use random strings for those challenge questions instead of what they actually ask for, if you wanted.
 
Sometimes I have not received the SMS from Qantas so had to answer the questions. No big deal, as long as I remeber how to spell my mother's maiden name (it's not Smith or Jones) and the date I joined FF.
Post automatically merged:

*remember
 
When I log in, I have to provide the 4 digit PIN, then presented with a challenge question.

For what it is worth, the 4 digit PIN was generated by my password generator (Keepass), and if I am really worried, I could simply get my password generator to generate a random password for each question, so it would be extremely secure.

Hence, I don't know why are people complaining about SMS and mobile app?

You're missing the point of multi-factor authentication. The idea behind it is there are two different factors. Something you know, you're password/pin/answers to questions and something you have, you're phone.
 
The Frequent Flyer Concierge team takes the hard work out of finding reward seat availability. Using their expert knowledge and specialised tools, they'll help you book a great trip that maximises the value for your points.

AFF Supporters can remove this and all advertisements

On post paid plans Optus has never charged for receiving SMS oversea. Ive taken my phone overseas (roaming on, data off) every year since 99 and have never once been charged to receive SMS, only to send SMS, People mistakingly enable those $10 a day feature (not necesary on post paid).

Ive been on several plans over the years too.
 
But if you get a local SIM to avoid high data fees (even $10/day is quite high for many), you have to change the SIM in and out to receive SMS's from companies/banks. This is the reason I don't like it. Unfortunately, dual-SIM phones are still not that common (iPhone has never had them).

My bank has switched to using iOS notifications to deliver a confirmation code. I'm not sure that's any more secure than an SMS. It does have the advantage of being less susceptible to the phone number being ported without my knowledge.
 
Status
Not open for further replies.
Back
Top