Originally Posted by
Zorak
Does any airline use 2FA? Given the potential to screw with existing itineraries, and use valuable (maybe
) FF points, 2FA doesn't seem like a bad idea. OTOH for an airline program login you can reasonably anticipate someone might try to access it from the air. Which is ok for Delta with free in-flight messaging, if you have a supported mobile carrier.
And while there are code generator apps and U2F keys, I can understand why they might not want to impose this on everyone.
Easiest way to implement 2FA is just sending a text message to a mobile phone. That is something that DL can easily do and that 99.99% of pax will be able to get. As DL isn't a bank, there's no need for a 2FA generator device ("token"). Of course there's plenty of apps that do that also and will work offline, so someone who doesn't want it as text messages could always install and configure one of the apps (scan the DL account 2FA barcode).
Then just do a partial 2FA implementation, if DL same as banks thinks that Americans are too dumb*. REQUIRED for bookings for third parties (not name on account), originating in high risk countries, closer than 72 hours in. Not required for other cases. Simple! Just implement for the higher risk cases, whatever those are, but not all (IMO of course should be implemented across the board, but..).
*(US is practically the only country not to require 3D Secure for online CC transactions by law, and is truly the only country in the world not to use chip-and-PIN for all CC transactions - apparently Americans can't remember a 4 digit PIN, or so appears based on the inaction by American banks.)