Originally Posted by
Boraxo
Well it's not too hard to research birthdays - often posted on social media, numerous data breaches, and the 100s of people search websites. And of course all the databases that you listed. And let's not get started on SSNs. Good luck finding KTNs on any public websites. I'm not too worried about scammers breaking into travel agencies, they are usually shooting higher.
That said I would also prefer the 2FA via SMS, which is what I get from UA every time I log into the website.
I suppose this depends on who the "attacker" is -- KTN is probably a reasonable defense against an attack from a random, unaffiliated source (e.g. "random hacker") but I'd posit that it's not particularly effective with a motivated, and particularly a motivated and affiliated source (e.g. someone who really wants to mess with a specific public figure or especially an angry ex-(boyfriend/girlfriend/spouse/partner/employee/boss)