Originally Posted by
Misco60
Realistically, though, there is little chance of BA introducing such security
Why? It's not exactly complicated to implement these days. I've set it up on all servers with remote access that I manage - for web, SSH and mobile VPN user access. There are quite a few commercial MFA solutions available off the shelf and many allow self-enrolment. If Amazon, PayPal, Linkedin,
Finnair and
Qantas* can do it, why not BA?
Originally Posted by
Misco60
and it is our responsibility to protect our accounts with strong and unique passwords. There is really no excuse now for anyone not being aware of the dangers of using the same email address and password on multiple websites.
I agree that nobody should be using the same password across multiple sites but I also feel that airlines and other sites should be providing a multifactor authentication option. It protects both the consumer and supplier.
* note that Qantas only supports SMS second factor authentication which is insecure and is no longer recommended by NIST. I've included Qantas because they've made
some effort to improve security, even if it's not up to current standards. BA has made zero effort.