FlyerTalk Forums


sam007 Mar 24, 2022 12:28 pm

2 factor authentication
 
Has anybody been able to figure out if American Airlines' website supports 2 factor authentication?

Thx

Antarius Mar 24, 2022 12:51 pm

Lol.

AA.com can barely let you book flights, and the app can't even keep you logged in. 2FA is a pipe dream

donotblink Mar 24, 2022 5:29 pm

Genuine question to the OP: has your AA account been compromised before?

sam007 Mar 24, 2022 5:43 pm

Never, but I can't recall any provider that has any value in $ or miles where I haven't turned on 2-factor.

ebuck Mar 25, 2022 8:08 am

AA's idea of 2-factor authentication is entering your AAdvantage number AND your last name!

PHL Mar 25, 2022 8:26 am

I envision in the next few years this may become a thing with sites like this that retain customer info and balances, be it money or other currency like airline points. Or, when AA gets hacked in a majorly embarrassing and expensive way. I'm guessing that the level of mileage theft is low enough that it's not a priority.

platbrownguy Mar 25, 2022 10:16 am


Originally Posted by PHL (Post 34105691)
I envision in the next few years this may become a thing with sites like this that retain customer info and balances, be it money or other currency like airline points. Or, when AA gets hacked in a majorly embarrassing and expensive way. I'm guessing that the level of mileage theft is low enough that it's not a priority.

This is unfortunately true. I detest 2 factor authentication and have had nothing but trouble with some websites (e.g. Amtrak) where I can no longer log in without clearing cookies every single time (otherwise when I enter the authentication code, it simply loops back and sends me a new code, over and over). And don't get me started on the "captcha" stuff (one of many reasons why I can't imagine being a Hilton person).

PHL Mar 25, 2022 10:45 am


Originally Posted by platbrownguy (Post 34106049)
...And don't get me started on the "captcha" stuff (one of many reasons why I can't imagine being a Hilton person)..

^^THIS^^^

Hilton has to have one of the worst major brand travel sites in the world. Fortunately, using the iOS app doesn't have the CAPTCHA problem.

EXP100 Mar 25, 2022 2:13 pm

Is it just me but I have no desire when I'm trying to pull the app up in the airport/AC for any number of reasons and needing to get a code texted to me to do so.

opus2002 May 3, 2022 7:02 pm

My relative's account was hacked. 600k miles gone. So, I for one would prefer to have two factor authentication.

lightbulbs May 5, 2022 11:30 pm

I too usually use two factor on websites that support it, but for aa.com I actually wish they would implement recognized customers so that for low security things like viewing itineraries, miles, history it wouldn’t require me to log in so often and just prompt for recent authentication via password when doing something high security (e.g. redeeming miles for a booking, making a booking using a saved credit card, etc.). I feel like I am logging in using credentials so often on aa.com.

_kurt May 6, 2022 5:01 am


Originally Posted by EXP100 (Post 34106767)
Is it just me but I have no desire when I'm trying to pull the app up in the airport/AC for any number of reasons and needing to get a code texted to me to do so.

SMS is one of the less secure and also less convenient 2nd factors. Almost as bad as email. If AA would support U2F, or TOTP apps like Google Authenticator, that would be great. I’m so tired of solving 3 captchas just to make a single Hilton reservation but it doesn’t have to be like that.

Antarius May 6, 2022 8:47 pm


Originally Posted by _kurt (Post 34225953)
SMS is one of the less secure and also less convenient 2nd factors. Almost as bad as email. If AA would support U2F, or TOTP apps like Google Authenticator, that would be great. I’m so tired of solving 3 captchas just to make a single Hilton reservation but it doesn’t have to be like that.

SMS isn't particularly useful for 2FA on a phone anyway. If you have access to the phone, then you'll likely have access to SMS too.

cfortan Aug 17, 2022 9:51 am


Originally Posted by EXP100 (Post 34106767)
Is it just me but I have no desire when I'm trying to pull the app up in the airport/AC for any number of reasons and needing to get a code texted to me to do so.

A properly built app would allow fingerprint or face id as the second authentication for devices that support it. All websites, where it matters, should support MFA, especially if they are accessed via a web browser.

MASTERNC Aug 17, 2022 11:23 am

Our IT training just showed how someone can even avert the push notification 2FA by directing you to a bad website, capturing the cookie data fed back after the 2FA, and then pasting it into the web browser code. Nothing is perfect.


All times are GMT -6.

