I've gotta join the bandwagon dumping on SQ here.
Any organization that doesn't offer two-factor auth through OTP is simply incompetent today. This is
trivial to build.
Add to that the utterly unacceptable six-digit pin used by SQ and we have an organization that clearly needs to rethink its IT security.
SQ is 100% at fault for not making it possible for their customers to keep accounts secure.
Originally Posted by
lokijuh
At the very least, a more sophisticated password could be used. Many airlines have moved to membership number + surname + 8 character password to access FF accounts, some also have challenge questions. One assumes there is a reason for them doing this, and perhaps SQ could move beyond a 6 digit number.
This is just
barely better than requiring a password. At the end of the day is still one-factor authentication. Challenge questions are a useless attempt at security.