Just read a blog post about hackers guessing or brute-force hacking the record locator code of Global Distribution Systems to cancel, modify, your flights.

Guess it's too much to expect airlines to support 2-factor authentication in order to access these reservations?

I know you can access some of them without having an account on the airlines' websites, just knowing the last name and the locator code.