Qantas Authenticator App - Now Live

jboy90

Hi all,

I thought this would be of interest to share. When logging into my frequent flyer profile on my laptop, I noted I had "information in your profile that needs to be updated". Looking through this, Qantas now allow you to add an authenticator app (Google or Microsoft), to allow authentications when you're at a device Qantas doesn't recognise. I've set mine up and look forward to using it instead of text message.

To get there, log in, go to "Your Profile" then "Personal Information" and you'll see the list item in the list as "Authenticator app"! :)
 
Has something changed? I've been using MFA via MS Authenticator app for Qantas websites for a few years now.
Same. Maybe we were random test cases? I was with the original 2 authentications years ago and told Qantas I hated it.
 
Just got into the app and my web based account as usual. Nothing new under 'Personal Info'.

Maybe we are looking at 'consistently inconsistent' (TM)
 
Nothing new.

I get a 2FA via SMS
The Authenticator app comes into play if using a travel sim card

I actually log in to the phone QF app via FaceID.
 
Nothing new.

I get a 2FA via SMS
The Authenticator app comes into play if using a travel sim card

I actually log in to the phone QF app via FaceID.
Not for me. I no longer get the SMS but have to use the Authenticator app. This happened maybe 6 months ago. I also use it for HESTA super and MYOB.

It’s this app


 
I’ve been using Authenticator with Qantas for a while now. It’s a great solution if you don’t want to have to rely on SMS especially when travelling as your device doesn’t need to be online to generate the code.
 

The (first world) problem with Authenticator app is that it is not a push solution.
You have to go to the Authenticator App to get the code.

SMS is a push solution and on the iPhone (at least in some websites requiring 2FA/MFA), the code appears on the website screen and all it takes is to click accept the code.

Xero verify is like an authenticator app but it is a push solution.
When logging in, a message from Xero Verify appears on smart phone - click and accept - rather than having to search for the authenticator app and enter a code
 
The (first world) problem with Authenticator app is that it is not a push solution.

This can also be seen as a benefit - push solutions require a working data connection which mightn't always be available when overseas.
 
One problem with a “push” SMS is that often, not always, you can see the code on a notification message “preview” without opening the message. So there’s effectively no multi factor authentication in play, i.e. you don’t need to enter your screen unlock PIN on, say, an iPhone to see the code. Anyone who picks up the phone can see the code on the lock screen. With a “pull” function you need to actually unlock the device with a PIN or FaceID to generate a code.
As an example, I received this SMS recently. I could see the exact same message on the lock screen without unlocking the phone.
 
True but I would rather a push solution as the vast majority of the time I have a data connection.

It's a small inconvenience to open the Authenticator app, but TOTP is a reliable and very secure solution.

Based on how flaky the Qantas app is at the moment, I wouldn't want to rely on it for something as critical as push verification codes. If it was a robust implementation I'd love to see it, but that's an adjective rarely used to describe Qantas IT...
 
SMS is a push solution and on the iPhone (at least in some websites requiring 2FA/MFA), the code appears on the website screen and all it takes is to click accept the code.
A good password manager app that also stores your 2FA credentials can auto fill the code for you automatically! I've been using 1Password on iOS and Mac to do this and it works wonderfully - just like how SMS codes are auto filled but faster.

If you use the built in iOS password management (Keychain), iOS 16 will support generating 2FA codes as well so it will be available in the system natively when released.

 
One problem with a “push” SMS is that often, not always, you can see the code on a notification message “preview” without opening the message. So there’s effectively no multi factor authentication in play, i.e. you don’t need to enter your screen unlock PIN on, say, an iPhone to see the code. Anyone who picks up the phone can see the code on the lock screen. With a “pull” function you need to actually unlock the device with a PIN or FaceID to generate a code.
As an example, I received this SMS recently. I could see the exact same message on the lock screen without unlocking the phone.
Looks like you have an iPhone. Not sure which one you have, but ever since the iPhone X was released in 2017, all my iPhones have defaulted to hiding notification content unless unlocked.

No one can see any messages on my lock screen without unlocking my phone, and no setting changed on my part.

If you need to, you can enable this like so -
 
all my iPhones have defaulted to hiding notification content unless unlocked.
That only applies if you don't restore/transfer your settings from a previous phone. I have always had notifications showing the content, I know I could change that if I wanted, but I have never bothered. My first iPhone was iPhone 4 and I've always transferred the settings over.
 
I also started on an iPhone 4 (or iPod Touch 1st gen even), though don't remember making the setting change.

In any case, if this is a question about effort - toggling the sensitive notification option in iOS to enhance your security posture isn't more effort than installing and setting up an authenticator app.
 