Originally Posted by
ziggy29
Hard to say. My guess (retired IT guy) is that they have decided it's cheaper to occasionally restore someone's miles after being hacked than invest in all the tech upgrades and system redesign required to implement a more secure and robust 2FA protocol.
Yeah, they're just not that motivated because the exposure is pretty low compared to a bank or brokerage firm, for example.
Some FFPs now do use 2FA, AC, AF, and SQ being a few that immediately come to mind.