Originally Posted by
Repooc17
Let's say UA had MFA, how would it be enabled while someone is in the air and have not purchased wifi? Is there an alternative than sending a text for validation?
Yes. They could do what they'd do if they took it seriously, which is hand out hard tokens to passengers after verifying their ID.
More realistically, they could use one of several available token generators, e.g., Google Authenticator. Most of these apps accept push notifications; however, if you aren't in a position where push notifications are available, you can also either (a) enter the current code from your device, or (b) do a challenge / response sequence. I have apps that do both. So, the process is that you set up the soft token ahead of time -- this would generally involve logging in and downloading a payload, probably via a link from the app -- and then accessing it later.
But, again, you're talking about storing the second factor on the same device the user is likely using to access the site in the first place, which negates the value.