Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > American Airlines | AAdvantage
Reload this Page >

MFA (Multi-Factor Authentication) - Finally Coming to AA

MFA (Multi-Factor Authentication) - Finally Coming to AA

Old Jun 21, 2023, 6:28 am
  #1  
Original Poster
 
Join Date: Jan 2011
Location: Philadelphia, PA
Programs: AAdvantage Exec Platinum, Hertz #1 Club Gold Five Star, IHG Platinum, Marriott Gold, HHonors Silver
Posts: 1,996
MFA (Multi-Factor Authentication) - Finally Coming to AA

Looks like MFA is finally coming to AA...It's about time! Welcome to 2010 AA IT!

https://viewfromthewing.com/american...tage-accounts/
GNRMatt is offline  
Old Jun 21, 2023, 6:43 am
  #2  
 
Join Date: Feb 2003
Location: Washington, DC
Programs: AA Executive Platinum/Million Miler, Marriott Titanium Elite-Lifetime, Hilton Gold
Posts: 3,118
Ugh. Being in IT, I know MFA is better, but god I'm so sick of having to do this on everything, especially sites (not saying this is AA) where my security isn't all that important. (Like, why do I need MFA on a website to order litter for my cat?!)

But, this is long overdue regardless of how annoying it might be.

One clarification to the article is that one can receive texts and even calls inflight. I don't answer the calls of course. However, if one has wifi calling enabled on their phone, the phone works like normal if you're in the air and connected to the plane's wifi.
lanslort and ksucats like this.

Last edited by USFlyerUS; Jun 21, 2023 at 6:53 am
USFlyerUS is offline  
Old Jun 21, 2023, 7:24 am
  #3  
 
Join Date: Dec 2003
Location: Washington, DC
Programs: Hyatt Globalist, AA Executive Platinum
Posts: 1,921
I really hate email MFA. I hope they offer SMS and/or TOTP.
hhdl, lsquare and MASTERNC like this.
murphy is offline  
Old Jun 21, 2023, 7:44 am
  #4  
 
Join Date: Sep 2000
Location: DCA/IAD
Programs: AA EXP; 1W Emerald; HHonors Diamond; Marriott Gold; UA dirt
Posts: 7,741
Well if they offer it via text, you won't be doing it on any aircraft unless you have two wifi accounts or switch off one device, switch on the other device, then revert back to the old device. Correct?
IADCAflyer is online now  
Old Jun 21, 2023, 7:44 am
  #5  
 
Join Date: Jan 2009
Location: OKC
Programs: IHG Spire, National Exec, AA Plat
Posts: 2,250
Authenticator app or nothing at this point.

SMS sometimes works in the air - if you have wifi access - but calls are a no-go at least from a legal standpoint. Also, many when travelling do not have access to SMS if they are roaming globally.
lowfareair and hhdl like this.
bchandler02 is offline  
Old Jun 21, 2023, 8:05 am
  #6  
 
Join Date: Feb 2003
Location: Washington, DC
Programs: AA Executive Platinum/Million Miler, Marriott Titanium Elite-Lifetime, Hilton Gold
Posts: 3,118
Originally Posted by IADCAflyer
Well if they offer it via text, you won't be doing it on any aircraft unless you have two wifi accounts or switch off one device, switch on the other device, then revert back to the old device. Correct?
Depends. I buy the "two device" plan, so I have my laptop and cell connected at the same time. I used to do the flipping back and forth but got sick of the pain associated with that. However, your point is valid in that if you connect with your laptop with a one device option, you'd have to switch back and forth.

However, I don't think they would implement an SMS option, as technically cell phones aren't supposed to work when in the air. Enabling wifi calling is a loophole of sorts.
USFlyerUS is offline  
Old Jun 21, 2023, 8:10 am
  #7  
FlyerTalk Evangelist
 
Join Date: Aug 2012
Location: KHOU/KIAH
Programs: AA EXP | Marriott Bonvoy Titanium| Hyatt Globalist
Posts: 10,995
Originally Posted by USFlyerUS
Depends. I buy the "two device" plan, so I have my laptop and cell connected at the same time. I used to do the flipping back and forth but got sick of the pain associated with that. However, your point is valid in that if you connect with your laptop with a one device option, you'd have to switch back and forth.
You can also tether your device and share the connection.
bchandler02 and USFlyerUS like this.
Antarius is offline  
Old Jun 21, 2023, 8:15 am
  #8  
 
Join Date: Feb 2003
Location: Washington, DC
Programs: AA Executive Platinum/Million Miler, Marriott Titanium Elite-Lifetime, Hilton Gold
Posts: 3,118
Originally Posted by Antarius
You can also tether your device and share the connection.
Good point!
Antarius likes this.
USFlyerUS is offline  
Old Jun 21, 2023, 11:27 am
  #9  
 
Join Date: Aug 2022
Programs: AA Executive Platinum (Oneworld Emerald)
Posts: 135
While long overdue, I agree with others in this thread that email (or text, or TOTP for that matter) MFA gets annoying real quick. Hopefully this will only be used on new/untrusted device logins.
ZenFlyer, Antarius and lowfareair like this.
Acidity is offline  
Old Jun 21, 2023, 2:36 pm
  #10  
 
Join Date: Jun 2001
Location: New York, NY
Posts: 3,698
Originally Posted by Acidity
While long overdue, I agree with others in this thread that email (or text, or TOTP for that matter) MFA gets annoying real quick. Hopefully this will only be used on new/untrusted device logins.
From the VFTW article it sounds like it will only support e-mail, so the OP "welcome to 2010" was pretty on point.

Given that it's now 2023, they should be supporting passkeys or at least hardware keys since (a) those technologies would let you login to aa.com on a plane without access to your e-mail provider, and (b) are actually phishing resistant. But I know it's AA we're talking about here, so unsurprising this is implemented poorly.
jordyn is offline  
Old Jun 21, 2023, 2:41 pm
  #11  
Suspended
 
Join Date: Sep 2019
Posts: 2,094
Originally Posted by GNRMatt
Looks like MFA is finally coming to AA...It's about time! Welcome to 2010 AA IT!

https://viewfromthewing.com/american...tage-accounts/
Great, so every senior citizen will have one more additional hassle to deal with, requiring assistance from another person.
fdog, sdsearch, adeleswart and 2 others like this.
WeekendTraveler is offline  
Old Jun 21, 2023, 2:45 pm
  #12  
FlyerTalk Evangelist
 
Join Date: Aug 2012
Location: KHOU/KIAH
Programs: AA EXP | Marriott Bonvoy Titanium| Hyatt Globalist
Posts: 10,995
Originally Posted by jordyn
From the VFTW article it sounds like it will only support e-mail, so the OP "welcome to 2010" was pretty on point.

Given that it's now 2023, they should be supporting passkeys or at least hardware keys since (a) those technologies would let you login to aa.com on a plane without access to your e-mail provider, and (b) are actually phishing resistant. But I know it's AA we're talking about here, so unsurprising this is implemented poorly.
Yup. Email OTP is also not solving the issue of compromised accounts. If you can request a password reset and confirm it and the OTP from the same compromised email account, nothing has changed.
wrp96 likes this.
Antarius is offline  
Old Jun 21, 2023, 3:38 pm
  #13  
 
Join Date: Nov 2007
Location: Los Angeles
Programs: AA LT Gold
Posts: 3,591
Ugh.
+1
Hate MFA.
Even more so when it is SMS and it is a website or app that I need to use when I am abroad.

SMS and cellphone reception can be terrible, particularly in foreign cities where construction is mostly concrete and bricks and mortar. I have to go out to the street or near a window facing the outside out to receive the verification SMS.
carlosdca is offline  
Old Jun 21, 2023, 5:16 pm
  #14  
 
Join Date: Jan 2006
Location: SFO, CLT
Programs: AA Bonsai EXP (2.9 MM), AS MVPG
Posts: 1,370
Mark me in the camp that thinks this is unnecessary. Brokerage accounts, yes. Bank accounts, yes. HIPAA-protected data, yes. Frequent flyer accounts, really?
DASRTR, WeekendTraveler and MarkOK like this.
TheDudeAbides is offline  
Old Jun 21, 2023, 7:43 pm
  #15  
 
Join Date: Mar 2012
Posts: 145
Originally Posted by TheDudeAbides
Mark me in the camp that thinks this is unnecessary. Brokerage accounts, yes. Bank accounts, yes. HIPAA-protected data, yes. Frequent flyer accounts, really?
I think it is necessary, but only for "risky" operations. Normal login should not require MFA. I agree that would be ridiculous. But such things as redeeming miles for somebody else, changing password or email, etc, these should require MFA confirmation.
hbtr, bchandler02 and ijgordon like this.
lostfly is offline  

Thread Tools
Search this Thread

Contact Us - Manage Preferences - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service -

This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.