QF trialling two-factor authentication for QFF accounts

Status
Not open for further replies.
Struggling to Redeem Your Frequent Flyer Points?
The Frequent Flyer Concierge team takes the hard work out of finding reward seat availability. Using their expert knowledge and specialised tools, they'll help you book a great trip that maximises the value for your points.

AFF Supporters can remove this and all advertisements

Pushka said:
Of course it does. Just not in the manner you've described.
Click to expand...

How did I describe?

All I said was that if someone could access all of the information available on a typical online banking site without TFA and if that person could also fake a signature (which they may not have) then they could 'walk away' with everything.

Everyone just assumed that would be walking into the bank and withdrawing cash but this is not how most identify theft works.

My premise at the end of the day is access to your online banking is a far greater risk to your QFF account.....
 
Last edited:
I have access to all our creditors banking details but there's no way that means I can do anything with that info other than pay the bills.

Signatures are registered electronically.
 
Pushka said:
Of course it does. Just not in the manner you've described.
Click to expand...

You would be surprised at how a few bits of information can be used to steal your identity.. seems it happen.
 
So today is another day with the test text messages. I don't get them every day but if I get one on a day there will be several.

This time I didn't get the text I had to verify with. So I selected 'need to verify in another way'. This takes you to a screen where you state your mothers maiden name, your birthdate, the date you joined - as if anyone knows that! :eek: and postcode. Just as I realized I had no idea of the date I joined I received the original text. Five minutes later. Gonna have to improve on that!
 
Pushka said:
So today is another day with the test text messages. I don't get them every day but if I get one on a day there will be several.

This time I didn't get the text I had to verify with. So I selected 'need to verify in another way'. This takes you to a screen where you state your mothers maiden name, your birthdate, the date you joined - as if anyone knows that! :eek: and postcode. Just as I realized I had no idea of the date I joined I received the original text. Five minutes later. Gonna have to improve on that!
Click to expand...

The month and year joined are printed on your membership card. While not seeing your entry screens, I'd imagine this is what they are asking you to provide.

"Member since" is also printed in the header on the landing page when you log into QFF, though of course, that's less helpful when you are actually trying to log in. I guess this is where the membership card comes in.
 
Sponsored Post

Struggling to use your Frequent Flyer Points?

Frequent Flyer Concierge takes the hard work out of finding award availability and redeeming your frequent flyer or credit card points for flights.

Using their expert knowledge and specialised tools, the Frequent Flyer Concierge team at Frequent Flyer Concierge will help you book a great trip that maximises the value for your points.

kevrosmith said:
The month and year joined are printed on your membership card. While not seeing your entry screens, I'd imagine this is what they are asking you to provide.

"Member since" is also printed in the header on the landing page when you log into QFF, though of course, that's less helpful when you are actually trying to log in. I guess this is where the membership card comes in.
Click to expand...

I'll grab a screen shot next time.
 
[FONT=arial, sans-serif]So bizzarre that they haven't opted to use a protocol like TOTP that allows codes to be generated offline through apps like Google Authenticator or Authy, or even though the Qantas apps! Even more important given the news of Wifi on planes where you can't receive SMS.[/FONT]
 
Double verify this afternoon. This is the alternative to the text message:
ImageUploadedByAustFreqFly1490068332.093099.jpg

It accepted month and year just fine.
 
Pushka said:
This takes you to a screen where you state your mothers maiden name, your birthdate, the date you joined - as if anyone knows that! :eek: and postcode.
Click to expand...
How did they get that information in order to verify it?
 
The date you joined is on your QANTAS Frequent Flyer membership card.
 
Pushka said:
It's in the profile I guess. Entered when you join.
Click to expand...
I don't recall ever giving them information like that requested. Sure, dob, join date, postcode/address. Information about family? nope.

I used to have an ANZ credit account. They added additional security questions to be able to login to online banking. You had to select 3 questions from a preset list and provide answers and it would randomly select one of the 3 to ask when you logged in. Answers could not be given (or existed) for any of the questions on their list, thus locking me out of my account. As such, I closed the account.

If QF wants to move ahead with security questions for QFF account log in, then any questions need to be selected by the member, not forced on them while expecting answers that the member may not have even given them.
 
Himeno said:
I don't recall ever giving them information like that requested. Sure, dob, join date, postcode/address. Information about family? nope.

I used to have an ANZ credit account. They added additional security questions to be able to login to online banking. You had to select 3 questions from a preset list and provide answers and it would randomly select one of the 3 to ask when you logged in. Answers could not be given (or existed) for any of the questions on their list, thus locking me out of my account. As such, I closed the account.

If QF wants to move ahead with security questions for QFF account log in, then any questions need to be selected by the member, not forced on them while expecting answers that the member may not have even given them.
Click to expand...

What difference does it make who selects the question?
 
The best solution is you don't actually answer the question with the correct answer. Eg, for your mother's maiden name, you just make something up that you'll remember. Means no-one else is going to guess it, as your mother's maiden name is not exactly top secret or difficult to find the answer to.

Therefore, my point is the question asked isn't important. Your nonsense answer is.
 
Pushka said:
So today is another day with the test text messages. I don't get them every day but if I get one on a day there will be several.

This time I didn't get the text I had to verify with. So I selected 'need to verify in another way'. This takes you to a screen where you state your mothers maiden name, your birthdate, the date you joined - as if anyone knows that! :eek: and postcode. Just as I realized I had no idea of the date I joined I received the original text. Five minutes later. Gonna have to improve on that!
Click to expand...

If you have your card on you it's printed there...
 
Status
Not open for further replies.

Enhance your AFF viewing experience!!

From just $6 we'll remove all advertisements so that you can enjoy a cleaner and uninterupted viewing experience.

And you'll be supporting us so that we can continue to provide this valuable resource :)


Sample AFF with no advertisements? More..

Recent Posts

Currently Active Users

Total: 836 (members: 8, guests: 828)
Back
Top