SMS Login Verification - Argh | Page 8 | Australian Frequent Flyer
Australian Frequent Flyer

Welcome to Australia's leading independent Frequent Flyer and Travel Resource since 1998!
Our site contains tons of information that will improve your travel experience.

Joining AFF is fast, simple & absolutely free - register now and take immediate advantage of these great BENEFITS.

Once registered, this box will disappear. And you will see fewer advertisements :)

Login Now to remove this and all advertisements (GOLD and SILVER members)
Not a member? Register Now for free

SMS Login Verification - Argh

Mr_Orange

Established Member
Joined
Jun 17, 2013
Messages
4,507
Flights
My Map
Seriously who came up with the idea of SMS verification for login?
  • Nobody wants to pay for receiving SMS while outside of Australia
  • What % of Qantas members travel overseas and pick-up local sim cards?
  • SMS are not free - Qantas is paying for each MT SMS. Even higher costs to some non-AU destinations
  • Australia is one of the last remaining countries in the world still hanging on to SMS.
I may never login to my Qantas on the web, ever again.

Does anyone else find SMS log-in super annoying?
Paypal uses SMS too which amazes me. Again, either Microsoft's or Google's MFA app would be better.
 

moa999

Enthusiast
Joined
Jun 23, 2003
Messages
10,352
Flights
My Map
Assume I also had an awsrdwallet Iogin so just cleared it.
Personally think QF has gone a bit too far. Really only need the second step for transfers or detail changes
 

Kremmen

Member
Joined
Mar 25, 2007
Messages
115
You don't need an app for each website. Just use one single authenticator app, like Google Authenticator or Authy (there are a bunch more and free). No network connection required on your phone.
I know. The comment I was replying to was talking about "build TOTP functionality into the Qantas app itself".
 

davidj

Active Member
Joined
May 9, 2009
Messages
533
Since when does it cost money to receive sms? Pretty much all financial linked sites will sms a code when either logging on or pushing through a transaction. Not sure what the problem is.

Fake news? Trolling?
 

Pushka

Enthusiast
Joined
Jan 26, 2011
Messages
18,220
Flights
My Map
So I just read AFF newsletter, and you can op out of SMS by switching to security questions instead. So all the boo ha ha here for nothing? Is the AFF article correct?
That’s the bit where we discussed dob and year of joining upthread ;). As there was no notification that dual log in was to be launched this week then legitimate others might not know these details.
 

Pushka

Enthusiast
Joined
Jan 26, 2011
Messages
18,220
Flights
My Map
Since when does it cost money to receive sms? Pretty much all financial linked sites will sms a code when either logging on or pushing through a transaction. Not sure what the problem is.

Fake news? Trolling?
My experience over the last 2 years of this with Qantas is that sms are not always received when os and in Australia they aren’t always sent in a timely manner.

Trolling? Check the identity of people commenting.
 
Joined
Jan 20, 2015
Messages
209
Flights
My Map
Haven't read every post, so sorry if this is a repeat... there are a couple of angles from our perspective.
First - Mobiles
Then - Qantas

In the past I have experimented with various techniques for managing international roaming costs, but these days we don't bother with local SIMs etc but use our mobiles as little as possible, and mostly use wifi.
For connectivity we just used (note past tense) PAYG charges as needed the occasional call for coordinating local accommodation, taxis etc and if someone from home called they would leave a voicemail, and I called them back via VOIP on wifi for next to nothing.

So in May we headed off to USA and Europe for 6 weeks thinking we had our usual phone service arrangements.
Arrived in US and wondered why phone was not roaming ... contacted Mynetfone support and informed, Oh yes we cancelled your PAYG roaming and if you want to connect you need to buy a "pack" and pay $10 for each day when you send 1 SMS, or make 1 call, or receive a call. And you get 200MB of data.
Reason ? too many of their customers were having "bill shock" from data roaming.
Apart from the annoyance of the commercial proposition, the fact they cancelled the roaming service without informing me I found shocking.

OK, fair reason to have the "pack" as a commercial offering, but why penalise customers like us who don't use mobile data roaming, and actually understand the system. I have been roaming on international trips ever since GSM made it possible and never had "bill shock".

Our previous trip over a month in Europe and our total roaming charges were around $15, so ....
No Thanks !

Anyway, we muddled through 6 weeks with just wifi / VOIP / emails etc. There were a couple of occasions where I really would have liked mobile voice connectivity and would probably have spent $10-20 quite happily. Never mind as I have switched phone providers to one where they still have PAYG at acceptable rates.

So, Qantas...
That Qantas money website ONLY works via SMS authentication is hopeless.
Due to the issue above we could not receive an SMS, and found it impossible to access my wife's account even though we had perfectly good wifi internet access.

I have recollection (but not sure) that it previously also worked with an email verification, but maybe I am confusing with the QFF site.

While in NYC we tried calling the QF money support line simply to find out how much was owing for the payment we knew would be due.
As a separate issue, we were continually disconnected when trying to get through the menu - I suspect there may have been an incompatibility between the phone tones from the phone we were using and the QF IVR receivers.

The only good thing ...
Using the Qantas Money app on your phone, you don't need the SMS as for some reason they accept the access from your phone with the passcode.
I had the app on my phone and could access my account, but we could not access my wife's credit card account as she did not have the app on a separate device.

The moral of story ...

Instal the app.
 

odysseus

Established Member
Joined
Feb 16, 2009
Messages
1,188
As you appear to be against SMS security, I’m curious to know what in your view is the most secure method to proceed with online transactions for Banking or Qantas Frequent Flyer ?
Actually, I'm not against SMS security, per se.

I'm against enforcement of only one type of security, without allowing for other circumstances.
 

downgraded

Member
Joined
Apr 2, 2014
Messages
361
That’s the bit where we discussed dob and year of joining upthread ;). As there was no notification that dual log in was to be launched this week then legitimate others might not know these details.
I know you have to get in first, potentially with SMS, but then you can change your alternative security questions yourself to a number of choices you hopefully know the answer to (or as pointed out earlier, provide random words for the questions so you're not giving away those personal details.
 

moa999

Enthusiast
Joined
Jun 23, 2003
Messages
10,352
Flights
My Map
Not a big fan of the alternate questions - even more of your info released into the public domain when the next hack occurs - also a report above that even when they were set, still wasn't allowing awardwallet to login.

Got no issues with SMS per se (but just use it for transactions or detail changes only)
 

Steamrollersam

Junior Member
Joined
Jan 27, 2019
Messages
21
Not a big fan of the alternate questions - even more of your info released into the public domain when the next hack occurs - also a report above that even when they were set, still wasn't allowing awardwallet to login.

Got no issues with SMS per se (but just use it for transactions or detail changes only)
I don’t know what most other people do, but you can give “false” answers to these security questions that mean something to you. Mother’s maiden name? Starfish. Favourite subject in school? Cool bananas. You don’t have to put the real answers to the security questions as long as you’re consistent?!?
 

mattm199

Member
Joined
Apr 9, 2007
Messages
134
I've had several SMS with verification codes when I haven't accessed the website of been using the app. No points activity when I've checked the site.
I wonder if AwardWallet is triggering this if trying to background update the points balance?
Anyone else had these mystery SMS codes?
 

AustraliaPoochie

Established Member
Joined
Feb 9, 2014
Messages
4,209
I've had several SMS with verification codes when I haven't accessed the website of been using the app. No points activity when I've checked the site.
I wonder if AwardWallet is triggering this if trying to background update the points balance?
Anyone else had these mystery SMS codes?
Maybe someone knows your QFF number, surname and 4 digit number?
Only speculating/guessing.
 

Chicken

Established Member
Joined
May 9, 2006
Messages
1,188
But that's the problem. Whether or not they are real answers, the fact that they are consistent is a security risk on other sites if there is a breach.
So you use a different random password, changed regularly, for each different site, with a password manager?
 

pauly7

Established Member
Joined
Dec 8, 2004
Messages
4,915
But that's the problem. Whether or not they are real answers, the fact that they are consistent is a security risk on other sites if there is a breach.
They just have to be consistent with whatever you have logged with QF, not other sites.



Yes it’s not perfect. What is in life? But honestly it seems like everyone has lost all their brain cells over this one! (Not directed at you @moa999)
 

Mrmaxwell

Established Member
Joined
May 18, 2007
Messages
1,195
Apple iCloud gives you three options for verification; SMS, code via email and code via phone call.

Much easier does not take a rocket scientist to implement.

Giving people the option to hand over all their personal info for 'secret' questions is insulting.
 
Top