topdeck747

As a victim of the whole debacle detailed at Your account is temporarily unavailable where my account was unceremoniously locked and my only recourse was to sit on the phone with BA for an hour so, how is it still the case that BAEC does not have 2 factor authentication? Passport info et. al contained within your account. It's nuts that you can't turn it on. It's also kind of ironic because BA asks you for your cell phone number at basically every turn (BAEC profile, booking, emergency information etc.)

scottishpoet

https://www.flyertalk.com/forum/brit...tive-club.html

Suggestion from this thread recently is that they are, in some cases using 2fa

I did have to use 2fa to log into the exec club app on my phone recently

plunet

With the perilous state of BAs IT be careful of what you wish for. But fully agree 2FA is necessary and hopefully BA can find a way to enable it as a consistent reliable experience that offers improved security without frustration and friction.

lgladdy

You should get it if you get sent to the new BA website (which seems to be in A/B testing) at https://www.britishairways.com/nx

It seems to be called BA Nexus, which I guess might be the internal code name for the new website and services.

lgladdy

It looks like this new 2FA will only be asked for if you login via the new website which is in segmented testing at https://www.britishairways.com/nx

That said, passkeys don't ever seem to work for me. I always get a "Try again something went wrong" error and have to use SMS 2FA instead.

Howard Long

Absolutely right.

2FA has to be bullet proof, both technically and practically.

One of the better implementations is Amex, where they send both an email and a text message to authorise online payments: that way, you have a backup method in case one is unavailable.

Retron

Interesting, that brings up the same thing now that the BA Shopping site does.

It's technically 2FA, but different to anything else I've used: it pops up a Windows dialog asking me to use face or fingerprint recognition, but actually just asks for a PIN, the same one I use to sign into Windows. (Just as well, as this is a desktop PC without a fingerprint reader or webcam).

This is with Firefox on WIndows 11 23H2, preview release. I've not seen what happens when I use a different PC yet!

scottishpoet

if you click on 'try another method' you get the option of an sms code, email, or using your 'recovery code'
i suspect your pin is your recovery code.

It seems to default to what you last used

scubadu

I must admit, I'm a bit nervous about this. I very much support increased security, but for reasons I am unable to grasp, BAEC has decided that my US based cell phone number is in fact a Canadian phone number. The address on my account is clearly US based and I literally never selected "Canada" as my country code when I put my phone number in. If they force SMS to my phone as the 2FA method I don't think it will be a problem, given that the US and Canada share a "country code" (for dialing purposes) but I don't know if this will present a problem.

I've updated the country to "US" on my phone number and saved the changes in my BAEC account more times than I can count, but it just never sticks.

Gotta love BAEC IT capability where even the simple can be made infinitely complex...

Regards

P.S. I literally just tried it again while typing this post just for fun. I changed the field "Country/Region where your mobile/cell phone is registered" from "Canada" to "USA" Clicked "Save changes" then clicked "Save and exit" Then went back to "Update my personal information" and "Country/Region where your mobile/cell phone is registered says... wait for it... Canada!

scottishpoet

Did you try the 2fa using the link above and logging in? Did it work?

scubadu

Nope and no plans to try it. My point was that I'm a little nervous regarding if/when they force 2FA on me because of the incorrect country for my phone number (which the system won't let me correct).

I am NEVER a fast follower when it comes to BA IT changes and frankly I'm perplexed by the number of people here that are "fast followers" for something like 2FA given what we know about BA's IT capabilities (or lack thereof)

Regards

scottishpoet

as you memtioned it will probably work as the country codes are the same. They will be storing +1 rather then US and then doing lookup of what to display based on the +1 and finding canada first

I get the sms to my polish number no problem

You can use email rather than sms

My limited testing, the 2fa works for me.

Hydebear

Yes ! My options included using an Authenticator app instead of the (less secure) SMS method. This generates the access codes on your phone without needing any network access after you've set it up so avoids many of the issues that SMS validation has.

This worked seamlessly for me.

scottishpoet

what are you using where you see an authenticator app? Where did you get info where to download that app from?

My options :

Hydebear

I logged in via Safari on an iPad running ios17.2 - the Authenticator app option was at the top of the list. My Authenticator app gives the following validation output ( with full 6 digit code! )

I've been using Authenticator apps for quite a while and there's plenty of choice ( Microsoft, Google, LastPass etc ) and once you get used to the interruption in flow they work well



When I try to log in to the Nexus site now this is what I see ( complete with terrible case-sensitive Captcha).


Once you've gone through this step you get the following:



You input the code generated by the Authenticator app. After that you get the option to create a Passkey ( which I didn't do and that caused an error but allowed me to continue to the site proper )