2 factor authentication
Aug 17, 2022, 3:26 pm
#16
Join Date: Jun 2001
Location: New York, NY
Posts: 3,698
Aug 17, 2022, 3:29 pm
#17
Join Date: Jun 2001
Location: New York, NY
Posts: 3,698
The idea isn't that it's something you desire to do in your daily workflows, but that you desire for a hacker to be unable to do it when they somehow get hold of your password. As with many security features, they add some amount of inconvenience, but the best versions (e.g., U2F) aim to minimize that inconvenience while maximizing the security value.
Apr 8, 2023, 10:37 am
#18
FlyerTalk Evangelist
Join Date: Dec 2000
Location: PHL, NYC
Programs: AA PLT, DL SLV, UA SLV, MR LTT, HH DIA
Posts: 10,081
I learned at 7am today that someone hacked my account when my password was failing and I saw emails from 6am that my password and account info was updated.
I was able to get back in with my security questions and found a name, address, phone and email in the UK was attached to my account. I changed my info back, updated my password and security questions.
Points were not taken and future trips were still in tact. It was at this point I searched for MFA options but, as mentioned upthread, this is not a priority for AA.
Did I catch the issue quick enough (1 hour) that the hacker didn’t have time to muck with my account? Or should I be worried they may already have info they need to call in and redeem trips over the phone?
I was able to get back in with my security questions and found a name, address, phone and email in the UK was attached to my account. I changed my info back, updated my password and security questions.
Points were not taken and future trips were still in tact. It was at this point I searched for MFA options but, as mentioned upthread, this is not a priority for AA.
Did I catch the issue quick enough (1 hour) that the hacker didn’t have time to muck with my account? Or should I be worried they may already have info they need to call in and redeem trips over the phone?
Apr 8, 2023, 4:57 pm
#20
FlyerTalk Evangelist
Join Date: Oct 2014
Posts: 10,904
I learned at 7am today that someone hacked my account when my password was failing and I saw emails from 6am that my password and account info was updated.
I was able to get back in with my security questions and found a name, address, phone and email in the UK was attached to my account. I changed my info back, updated my password and security questions.
Points were not taken and future trips were still in tact. It was at this point I searched for MFA options but, as mentioned upthread, this is not a priority for AA.
Did I catch the issue quick enough (1 hour) that the hacker didn’t have time to muck with my account? Or should I be worried they may already have info they need to call in and redeem trips over the phone?
I was able to get back in with my security questions and found a name, address, phone and email in the UK was attached to my account. I changed my info back, updated my password and security questions.
Points were not taken and future trips were still in tact. It was at this point I searched for MFA options but, as mentioned upthread, this is not a priority for AA.
Did I catch the issue quick enough (1 hour) that the hacker didn’t have time to muck with my account? Or should I be worried they may already have info they need to call in and redeem trips over the phone?
Apr 9, 2023, 11:11 am
#21
Join Date: Oct 2015
Location: LA
Programs: AA CK, Hyatt Globalist, Marriott Platinum.
Posts: 18
Mine was hacked a year or two ago — they found the guy who did it and used all the miles, but said I had to report it to local police in his jurisdiction and they wouldn’t refund the miles until something substantial happened… I had to get a new AAdvantage number and everything.
Jul 13, 2023, 7:43 pm
#22
Join Date: Apr 2014
Location: ROC
Programs: AA Exec Plat; NEXUS
Posts: 76
So......this happened to me this morning (07/13/23):
https://viewfromthewing.com/american...tage-accounts/
I had logged in late last night (07/12/23) (more than once) just fine, like normal.
This morning I logged in like usual on the Login page, BUT...... instead of actually logging me in it took me to a page w/ 6 small boxes asking for my verification code that it had emailed to me. I checked my email & sure enough there was an email from American Airlines.
Once I copied/pasted the code I was then in like normal (w/ my name in the light blue box up top.
No warning this was coming. I thought I'd been spammed at first. UGH, what a pain !!
https://viewfromthewing.com/american...tage-accounts/
I had logged in late last night (07/12/23) (more than once) just fine, like normal.
This morning I logged in like usual on the Login page, BUT...... instead of actually logging me in it took me to a page w/ 6 small boxes asking for my verification code that it had emailed to me. I checked my email & sure enough there was an email from American Airlines.
Once I copied/pasted the code I was then in like normal (w/ my name in the light blue box up top.
No warning this was coming. I thought I'd been spammed at first. UGH, what a pain !!
Jul 31, 2023, 6:56 am
#24
Suspended
Join Date: Sep 2019
Posts: 2,094
Suddenly two-factor authentication is required on my AA account.
At least I was able to access my email account at the same time, which was significantly less frustrating than an experience with Target on the same day: Target required the same suddenly as I was in the process of trying to pay with my phone at a self-checkout device.
At least I was able to access my email account at the same time, which was significantly less frustrating than an experience with Target on the same day: Target required the same suddenly as I was in the process of trying to pay with my phone at a self-checkout device.
Jul 31, 2023, 1:55 pm
#27
Join Date: Apr 2014
Location: ROC
Programs: AA Exec Plat; NEXUS
Posts: 76
I do almost always log into AA w/ Firefox on my home computer. Maybe some cookies or something are saved. We'll see going forward.
I also always keep track of my husband's AA stuff (both our trips together & his work trips w/o me). I usually use Chrome to log into his AA acct (just so I don't have to keep re-entering our login info in Firefox every time). I just logged in as him in Chrome & it still has not asked for a verification code.
Mar 8, 2024, 3:20 pm
#28
Join Date: Jan 2006
Location: SFO, CLT
Programs: AA Bonsai EXP (2.9 MM), AS MVPG
Posts: 1,395
Logged in twice today. Both times I was asked for a verification code. First time it has ever happened to me. What a pain in the rear. VPN related, maybe? I hope this isn't going to happen every.single.time that I log in.
Mar 8, 2024, 4:18 pm
#29
FlyerTalk Evangelist
Join Date: Aug 2012
Location: KHOU/KIAH
Programs: AA EXP | Marriott Bonvoy Titanium| Hyatt Globalist
Posts: 11,291
It's started for me too. Although its intermittent. 3 out of 4 maybe?