QF trialling two-factor authentication for QFF accounts

[clazman]

Got that the last two months. Still no 2FA here.

had it twice and nothing ....

 

[Basalt]

had it twice and nothing ....

Ditto, not holding my breath....

 

[Pushka]

Not helpful Qantas. Still on trial for the double log in. With the countdown clock you need to enter the validation code within 10 minutes of trying to log in. Today. No text message and no option to have it resent. Finally arrived about 15 minutes later. Get your act together Qantas.

 

[Flying Fox]

My guess is that this new authentication process is what is causing problems for sign-on via safari and other platforms.

Can I have a chorus of 'roll back the software' please???

 

[JessicaTam]

I received this in one of my QF emails last week:

Keep your account safe: update your details today for two-step verification

We've launched two-step verification. Please log in to your account, and check your details are correct.

No thanks.

 

[donovan301]

Qantas are looking after their own cough and liability chances.

They are not trying to make our life safer.

An attempt at passing the corporate liability buck.

 

[Pushka]

We've launched two-step verification. Please log in to your account, and check your details are

Having been stuck with the pilot for 4 months at least I know the system now. Failure today.

 

[Archphoto]

Had a *huge* problem with this during the week - it actually was asking for "Mother's Maiden Name" & DOB.
Wouldn't accept either of these and I ended up having to play "Wait Forever over Two Days" to get it fixed.

Now I get the password SMS option which thankfully works!!

I do this all the time with my Thai accounts, so it doesn't bother me - all I'm happy about is that I don't have to listen to the 131131 God-awful music for another 36 hrs.

 

[Pushka]

This was just mentioned in a news report on Masterchef contestants who are flying to Japan and who flashed their BP with full details. They said both Qantas and Virgin are bringing it in.

 

[Sdtravel]

My Monthly email just had at the bottem athat 2fa is now live

"Two-step verification is here. Update your details to keep your account safe online.
To ensure your details are secure, we've introduced a new security process - two-step verification. Log in to your account now and check your details are up to date."

Given this thread i might wait for a bit

 

[kevrosmith]

My Monthly email just had at the bottem athat 2fa is now live

"Two-step verification is here. Update your details to keep your account safe online.
To ensure your details are secure, we've introduced a new security process - two-step verification. Log in to your account now and check your details are up to date."

Given this thread i might wait for a bit

IME, you won't enable it by responding. They're just asking you to check the details are correct for when it is finally activated for all. It does help if you know the following data items:
* Month and year joined (it's on your membership card and listed on the welcome screen when you log in)
* Postcode
* Mobile number
* Mother's maiden name (you would've provided that when you originally signed up, even if it was a long time ago and you don't remember doing so)

 

[trippin_the_rift]

I logged in and saw nothing?

 

[Himeno]

* Mother's maiden name (you would've provided that when you originally signed up, even if it was a long time ago and you don't remember doing so)

I have never seen that displayed anywhere within any QFF paperwork or online setting.

 

[kevrosmith]

I have never seen that displayed anywhere within any QFF paperwork or online setting.

It's in the application. https://www.qantas.com/fflyer/dyn/joinff



I've been a member since late-90's and they had the correct value, so I must've provided it back then (even though I don't remember doing so, but really, who would?) And for all the family accounts I manage, they had the correct value, so I'm not putting that down to coincidence.

 

[Pushka]

My Monthly email just had at the bottem athat 2fa is now live

"Two-step verification is here. Update your details to keep your account safe online.
To ensure your details are secure, we've introduced a new security process - two-step verification. Log in to your account now and check your details are up to date."

Given this thread i might wait for a bit

I did nothing whatsoever to my account but the two step trial 'just happened' to my account last April. Nothing you do or don't do will stop it.
I obviously provided my mothers maiden name back in the mid nineties but don't remember doing so.

I just tried doing a transaction on NAB that required an SMS verification. I'm currently in Denmark. It did not come through on SMS on Wifi - I had to turn on to the OS Optus provider to get it. It's a woeful decision by Qantas.

 

[Sdtravel]

I cant say with absolute confidence that my mothers maiden name would be correct. How does one check this? I didnt see it in the drop list when i logged in.

I misunderstood it 3 years ago so if anyone looks at my last 2 ESTA's they will have different things in them. I can only guess what 12 year old me thought it meant.

 

[amaroo]

Have started being spammed about changing passwords on all family accounts .... I'll hang out to the bitter end.

 

[kevrosmith]

I just tried doing a transaction on NAB that required an SMS verification. I'm currently in Denmark. It did not come through on SMS on Wifi - I had to turn on to the OS Optus provider to get it. It's a woeful decision by Qantas.

SMS is not a data protocol, it's a telecom protocol*, so you certainly would not receive an SMS through a wifi data network. You have to have your telecom service enabled in order to receive an SMS.

There's usually no reason why you can't activate your telecom service while OS. Enabling your mobile data service on your mobile device OS is a different issue, of course.

Needing to receive SMS messages is almost the main reason I ensure I have my Aussie SIM in a device while overseas. Phone calls can be diverted or sent to Voicemail, and other data services can be replaced (e.g. using wifi hotspots), but SMS messages can't be diverted, and expire if they are not delivered within a certain timeframe.

It's also another reason why using data-based messaging services, such as iMessages or Whatsapp helps to overcome some limitations with SMS, though of course (as you've discovered), these services don't help when you actually need to receive an SMS.

*I'm using these terms broadly to distinguish between services over telephony networks, including mobile telephony v. computer data WAN/LAN/Wifi networks

 

[Pleb Status]

SMS is not a data protocol, it's a telecom protocol*, so you certainly would not receive an SMS through a wifi data network. You have to have your telecom service enabled in order to receive an SMS.

There's usually no reason why you can't activate your telecom service while OS. Enabling your mobile data service on your mobile device OS is a different issue, of course.

Needing to receive SMS messages is almost the main reason I ensure I have my Aussie SIM in a device while overseas. Phone calls can be diverted or sent to Voicemail, and other data services can be replaced (e.g. using wifi hotspots), but SMS messages can't be diverted, and expire if they are not delivered within a certain timeframe.

It's also another reason why using data-based messaging services, such as iMessages or Whatsapp helps to overcome some limitations with SMS, though of course (as you've discovered), these services don't help when you actually need to receive an SMS.

*I'm using these terms broadly to distinguish between services over telephony networks, including mobile telephony v. computer data WAN/LAN/Wifi networks

This is exactly why I have a dual SIM Galaxy S8+. Telstra SIM for SMS and local SIM for data/calls. Makes life so much easier...

 

[Homer]

And two-factor authentication using a cell phone as the second factor is only secure if you’re sure that your telco can’t be socially engineered to break their own security protocols: https://carpeaqua.com/2017/07/07/hack-the-planet

I think it would have been preferable if Qantas used something like Google Authenticator.