Qantas Website Goes Nuts With Security

[Renato1]

I was getting sick of receiving Qantas Golf Club emails, in which I have no interest.

So I went to the Qantas site, entered my FF number, my name and my pin.

Then I went to My Profile and - BING - an SMS code was sent to me that I ahd to enetr to continue.

Then I wanted to change my preferences and - and Email is sent to me with a link to be able to do it.

And then, I was darned if I could find the Qantas Golf Club box to untick.

For heaven's sake - this is not a Bank's site, it is an airline site, where no money changes hands in the areas I wanted to access.

In my opinion, Qantas are acting in a ridiculous manner with this unnecessary security.
Regards,
Renato

 

[mannej]

Money may not change hands (it actually can, and have card details stored), but people have had points stolen so security is actually important. It’s just how it’s been implemented that is the issue.

 

[TheRealTMA]

I was getting sick of receiving Qantas Golf Club emails, in which I have no interest.

So I went to the Qantas site, entered my FF number, my name and my pin.

Then I went to My Profile and - BING - an SMS code was sent to me that I ahd to enetr to continue.

Then I wanted to change my preferences and - and Email is sent to me with a link to be able to do it.

And then, I was darned if I could find the Qantas Golf Club box to untick.

For heaven's sake - this is not a Bank's site, it is an airline site, where no money changes hands in the areas I wanted to access.

In my opinion, Qantas are acting in a ridiculous manner with this unnecessary security.
Regards,
Renato

Just forward them to JohnK.

 

[jbman]

The sms 2 factor is a pain. 2 factor is great when done well like on this forum.

 

[AustraliaPoochie]

2factor thingo might be a pain in the posterior but I like it.
Scammers will need my phone first to suck my points.

 

[Pushka]

2factor thingo might be a pain in the posterior but I like it.
Scammers will need my phone first to suck my points.

I hate it. The other day it took an hour to get an sms ad it assumes that we are always in range to get one which is ridiculous given it’s a flight booking service. Hate it.

 

[BAM1748]

Also, don't forget privacy laws just tightened in Australia and standards are now higher on data breaches, this came into effect February 22.

 

[CMA222]

I hate it. The other day it took an hour to get an sms ad it assumes that we are always in range to get one which is ridiculous given it’s a flight booking service. Hate it.

It is an airline site and that anticipates that its customers will be "travelling". QF assumes that everyone "roams" overseas using their Australian number and that for some is not the case.

 

[Renato1]

Money may not change hands (it actually can, and have card details stored), but people have had points stolen so security is actually important. It’s just how it’s been implemented that is the issue.

2factor thingo might be a pain in the posterior but I like it.
Scammers will need my phone first to suck my points.

By all means, protect the points using SMS and email.

But what are they protecting me from when I want to change my email preferences?
Regards,
Renato

 

[Renato1]

I hate it. The other day it took an hour to get an sms ad it assumes that we are always in range to get one which is ridiculous given it’s a flight booking service. Hate it.

Yes, until two years ago with my old providers I was having great difficulty getting SMSs where I live. I can't be the only one in that situation.
Regards,
Renato

Also, don't forget privacy laws just tightened in Australia and standards are now higher on data breaches, this came into effect February 22.

Thanks but Virgin haven't changed their site, to be akin to the over-the-top Qantas site My banks haven't changed their sites. And a dozen other places I'm a member of which lists similar information profiles to what I have at the Qantas site, haven't changed their sites. Why has Qantas gone so over-the-top?
Cheer,
Renato

It is an airline site and that anticipates that its customers will be "travelling". QF assumes that everyone "roams" overseas using their Australian number and that for some is not the case.

Very good point, which I hadn't thought about.
Not everyone has international roaming. And not everyone takes a laptop overseas. I find tablet and Smart phones darn awkward to use in such situations.
Regards,
Renato

 

[mannej]

By all means, protect the points using SMS and email.

But what are they protecting me from when I want to change my email preferences?
Regards,
Renato

Considering scammers have updated email information before stealing points, I think you are rather naive on the topic.

 

[AustraliaPoochie]

OT but some one I know had their Optus prepaid service ported out and they they didn't realise.
It pays to keep an eye on your QFF and mobile phone accounts.

 

[Renato1]

Considering scammers have updated email information before stealing points, I think you are rather naive on the topic.

Perhaps you can explain my naiviety - exactly how does changing my email preferences for receiving ads from Qantas, affect security of FF points in a more protected section of the site?
Regards,
Renato

 

[mannej]

Are you sure it asked you for a OTP as this is what I am seeing. The data you were updating falls under Other details, which doesn't require the OTP, however as I have mentioned previously, Scammers/Hackers have updated e-mail address details before scamming points which is why it has the security it has now. Not rocket science.