SMS Login Verification - Argh | Page 7 | Australian Frequent Flyer
Australian Frequent Flyer

Welcome to Australia's leading independent Frequent Flyer and Travel Resource since 1998!
Our site contains tons of information that will improve your travel experience.

Joining AFF is fast, simple & absolutely free - register now and take immediate advantage of these great BENEFITS.

Once registered, this box will disappear. And you will see fewer advertisements :)

SMS Login Verification - Argh

jenib

Member
Joined
Feb 9, 2007
Messages
104
Ok, so I'm trying to work out what all the fuss here is. Out of curiosity, I clicked the button that said 'verify another way' (or similar) and was presented with the following:

View attachment 177219

Now if you can't answer:
- the DOB of the person
- the postcode per the users details
- date of joining (it's found on your FF card)
- the security question (which can be updated in your profile: My Account > Personal Information > Security Questions)

Then I daresay that you shouldn't be accessing said person's account. Don't get me wrong, it's certainly not user friendly, but there is an alternative way to access without needing to receive an SMS.
I am a fan of 2 factor authentication.
However, my mother is in Alaska on a cruise and sent me a rather cryptic email about missing points and asking me to check her QFF account. Yes - I am her travel "EA". Tried the 'verify another way' option, answered the questions and the system told me that her account was missing information. Annoying. Not earth shattering but inconvenient. When she gets back we will have to change the phone numbers or add some more info into her account for future access.
 

Chicken

Active Member
Joined
May 9, 2006
Messages
976
The Fake news is that was not what he said. You need to pay to enable roaming in many cases, which is needed to get the SMS. I don't activate roaming when I'm travelling
Are you sure?

Even Boost mobile doesn't, and they only charge like $12.5 per month for 6.6 GB download and it is operated by Telstra with full Telstra coverage in the middle of whoop whoop (different from Aldi / TeleChoice / Woolworths etc). Free roaming.

Though they're unfortunately another bank which has recently introduced onerous token restrictions on transactions as well.
Aren't they using the Suncorp app as keygen? (I have been using Suncorp for nearly 20 years, so I have some astronomical external bank transfer daily limit, without the need for using token)

HSBC, Citi both use app keygen.

Telstra most definitely do charge you for unanswered calls (that divert to messagebank) once they know you are roaming.
People always misunderstood this bit. You get charged if the call needed to exit Australia.

If you answer the call, the call goes A party > your service > overseas phone network > your phone, so you need to pay for this calls, in order to cover the cost of overseas network bit.

If you decide not to take the call, and divert it. it becomes A party > your service > overseas phone network > your phone > divert back to Australia > your voicemail / any AU phone number. This is even more expensive, because you are paying for 2 connections.

If you enable Call Foward All Calls (Telstra instructions) , then the call goes A party > your voicemail, never left Australia, so no charge.

Hence, the 100% safe way to manage this, is just to enable call forward all calls. Takes 10 seconds to key a code into your phone.
 

Daver6

AFF Supporter
Joined
Dec 31, 2011
Messages
4,563
Qantas
Platinum
Virgin
Red
Flights
My Map
Telstra most definitely do charge you for unanswered calls (that divert to messagebank) once they know you are roaming.
You really need to change providors then. That's ridiculous.
 

NM

Moderator
Joined
Aug 27, 2004
Messages
15,810
Qantas
LT Gold
Virgin
Red
Flights
My Map
So has anyone figured out how to get AwardWallet to get past the 2 factor authentication? Can it be done?
 

Pushka

AFF Supporter
Joined
Jan 26, 2011
Messages
15,284
Flights
My Map
Telstra most definitely do charge you for unanswered calls (that divert to messagebank) once they know you are roaming.
As does Optus. Well, it used to but we changed plans and added overseas calls a couple of months ago. Definitely were charged as soon as someone calls your number if you are overseas.

I don’t use iMessage.
 

PineappleSkip

AFF Supporter
Joined
Mar 30, 2007
Messages
994
Qantas
Platinum
Virgin
Red
Useful discussion. I work about 1/3 of the year in Somalia, and there now. This is where no Aus provider roams, and no Som provider roams to Au. But then not many Aussies roam around here anyway.

This setup gives SMS authentication #epicfail status and I avoid SMS 2FA like the plague. But thanks for the workaround upthread, opusman, I might give that a try.:)

I seem to have opted in to QFF’s 2FA without asking as I’d been getting these messages periodically for a few months. Horror when I first got a login response that they had sent me an SMS (i.e. flushed it down the toilet), but relief when I read the fine print ‘I need to verify another way’. Email authentication no problem. With the questions, the ‘what’s your postcode’ always a challenge when you have different residential and mailing postcodes and they don’t specify which one they want. Thanks for the sage advice about where to find the date of joining,:).

Different story with Qantas Money, I am completely locked out here, as they offer no alternative to SMS 2FA :mad:, unlike NAB and AMEX which both have mobile apps with fingerprint verification. For this reason alone I’m looking to ditch Qantas Money.

There is an upside though, here I am freed of telemarketers who don’t have international calling; sooo annoying when you get a 3 am call that disconnects when you answer it.

Cheers skip
 

Mrmaxwell

AFF Supporter
Joined
May 18, 2007
Messages
1,119
Qantas are not alone in this caper.

Many companies are only as good as their IT budget and security advisors.

SMS 2FA is basic and has been around for years. The better setups give you options to receive a text or an email....very easy for QF to setup they are being lazy. Those work experience IT kids are becoming annoying again.
 

Kremmen

Intern
Joined
Mar 25, 2007
Messages
84
IMO it would also make sense to build TOTP functionality into the Qantas app itself, like Facebook, Steam and others have done. No network required and most active FFs would have the app already installed.
That's a wild assumption. I have logins on over 500 web sites. I have no desire to download hundreds of apps in order to be able to use them. You get issues with updates, whether they work on your particular phone, whether they drain the battery by being badly behaved, the tracking done by Facebook via most apps, etc. SMS is universal. If you have a phone, SMS works. Even on a non-smartphone, SMS works.

Both my Hong Kong and Malaysian accounts are charged to receive SMS while outside the country.

Qantas has more than just Australian mobile numbers.
Given that the Qantas scheme is one of the worst value ones in the world, I would never have thought of that and I guess Qantas didn't either. :)

Which is why SQ asks if you want your messages via SMS or WhatsApp.
This, however, would make sense. There are banks in America which use SMS or email. A really smart move might be to allow SMS or WhatsApp or email!

Really? I'm surprised anyone who travels OS would be on a plan that requires you to pay to enable roaming. Even the most basic Vodafone plans don't cost a cent extra to enable OS roaming.
I doubt it's a cost issue. Some people just disable roaming altogether instead of bothering to just disable data. (Also, some dodgy prepaid systems didn't/don't allow roaming at all. That was actually the main reason I went with Amaysim years ago, when Lebara, etc, had no international roaming at all. It was purely to be able to receive 2FA SMS from banks and such!)
 

nlagalle

AFF Supporter
Joined
May 24, 2007
Messages
5,923
Qantas
Platinum
Flights
My Map
Telstra most definitely do charge you for unanswered calls (that divert to messagebank) once they know you are roaming.
Telstra most definitely don’t charge.. I’ve travelled for years with roaming on and was never charged for not answering an incoming call
 

Cool Cat Phil

AFF Supporter
Joined
May 2, 2013
Messages
1,881
Qantas
Platinum
Virgin
Red
Flights
My Map
Though they're unfortunately another bank which has recently introduced onerous token restrictions on transactions as well.
As you appear to be against SMS security, I’m curious to know what in your view is the most secure method to proceed with online transactions for Banking or Qantas Frequent Flyer ?
 

Pushka

AFF Supporter
Joined
Jan 26, 2011
Messages
15,284
Flights
My Map
As you appear to be against SMS security, I’m curious to know what in your view is the most secure method to proceed with online transactions for Banking or Qantas Frequent Flyer ?
Email works for me. MYOB accounting software does this.
 

Chicken

Active Member
Joined
May 9, 2006
Messages
976
So I just read AFF newsletter, and you can op out of SMS by switching to security questions instead. So all the boo ha ha here for nothing? Is the AFF article correct?
 

Daver6

AFF Supporter
Joined
Dec 31, 2011
Messages
4,563
Qantas
Platinum
Virgin
Red
Flights
My Map
That's a wild assumption. I have logins on over 500 web sites. I have no desire to download hundreds of apps in order to be able to use them. You get issues with updates, whether they work on your particular phone, whether they drain the battery by being badly behaved, the tracking done by Facebook via most apps, etc. SMS is universal. If you have a phone, SMS works. Even on a non-smartphone, SMS works.

I doubt it's a cost issue. Some people just disable roaming altogether instead of bothering to just disable data. (Also, some dodgy prepaid systems didn't/don't allow roaming at all. That was actually the main reason I went with Amaysim years ago, when Lebara, etc, had no international roaming at all. It was purely to be able to receive 2FA SMS from banks and such!)
You don't need an app for each website. Just use one single authenticator app, like Google Authenticator or Authy (there are a bunch more and free). No network connection required on your phone.

As for disabling data. Again, at least the last three version of Android and iOS for iPhone you can set your phone to allow roaming but disable roaming data (in fact, I believe it's the default setting). So nothing needs to be done when heading OS to have data disabled yet be able to receive SMS or calls.

As you appear to be against SMS security, I’m curious to know what in your view is the most secure method to proceed with online transactions for Banking or Qantas Frequent Flyer ?
TOTP, ie authenticator codes is more secure and less hassle as no requirement to be connected to any network.

While, I'm very much in the camp that SMS as the second factor is a poor choice, I'm all for more security. It really sounds like some people are just against it for the sake of it. People need to take more responsbility for their online security. The QF option of SMS is super easy if you can't receive a SMS. Just select the option to fill out a few more details. It isn't a big deal.
 

serfty

Moderator
Joined
Nov 16, 2004
Messages
40,692
Qantas
Platinum
Virgin
Platinum
Flights
My Map
So has anyone figured out how to get AwardWallet to get past the 2 factor authentication? Can it be done?
Qantas sent out emails last year notifiying members about the pending introduction of 2FA.

At that time I set up the challenge words on all the accounts I have attached to my award wallet and their 'phone numbers to mine and then set up award wallet with information.

I now receive 2 to 3 SMS's a day from QFF giving me a PIN to use.
 

Himeno

AFF Supporter
Joined
Jun 15, 2011
Messages
3,606
What sort of "security questions" does this nonsense have?

When ANZ started using security questions for their online banking, I became unable to access my account and ended up cancelling the card. They only had preset security questions to pick from. Not a single one of those questions had an answer that could be provided. An answer either did not exist or the question was better off not even thought about for mental health reasons.
 
  • Like
Reactions: ALH

Berlin

AFF Supporter
Joined
Mar 31, 2011
Messages
1,501
Different story with Qantas Money, I am completely locked out here, as they offer no alternative to SMS 2FA :mad:, unlike NAB and AMEX which both have mobile apps with fingerprint verification. For this reason alone I’m looking to ditch Qantas Money.
Just ditched my Qantasmoney card last week and it has given me a great feeling of relief :D
 

Chicken

Active Member
Joined
May 9, 2006
Messages
976
What sort of "security questions" does this nonsense have?

When ANZ started using security questions for their online banking, I became unable to access my account and ended up cancelling the card. They only had preset security questions to pick from. Not a single one of those questions had an answer that could be provided. An answer either did not exist or the question was better off not even thought about for mental health reasons.
You don't have to strictly follow the questions.

If the question is mother's maiden name, no one says you can't use the person in the office you hate most.

This thread is really now a thread of complaining just for the sake of complaining
 

AFF on Air Podcast

  • Choosing a Rewards Program – AIR017
    Sat, 10 Aug 2019 13:32:24 AEST
      If you’re new to the world of frequent flyer points – or moving to a new country – it can be difficult to know where to start. In this episode, Matt discusses the con ...
  • Travel Insurance – AIR016
    Sat, 27 Jul 2019 07:34:12 AEST
      They say that if you can’t afford travel insurance, you can’t afford to travel! In this episode, Matt chats to James Green about the importance of travel insurance, and ...
  • The Qantas Oneworld Award – AIR015
    Sat, 13 Jul 2019 02:07:50 AEST
      Learn how to fly around the world using your Qantas Frequent Flyer points as Matt chats to James Green, an award travel consultant at Frequent Flyer Solutions. This episode ...
  • Qantas Frequent Flyer Changes – AIR014
    Sat, 29 Jun 2019 00:40:35 AEST
      Last week, Qantas announced a major shake-up to its Qantas Frequent Flyer program. In this episode, former Head of Loyalty at Malaysia Airlines, Mark Ross-Smith, joins Matt ...
  • jb747’s Stellar Career with Qantas – AIR013
    Sat, 15 Jun 2019 03:00:41 AEST
      In this special edition of the podcast, Matt chats to John Bartels (a.k.a. jb747) about his flying career with Qantas, the A380, the QF30 incident, flight training, retirem ...

Community Statistics

Threads
82,422
Messages
1,908,459
Members
50,203
Latest member
Chaucer
Top