Two Factor Authentication (2FA) added to Executive Club login
Nov 15, 2023, 9:25 am
#46
Join Date: Oct 2014
Location: Krakow
Programs: BAEC Silver, Miles and More(FTL), IHG(Platinum), Accor, HHonors(Diamond), SPG, Hertz Five Star
Posts: 5,946
Thanks, I do not have an Ipad, I have tried on Andriod and on windows. I too have authenticator apps for other sites I use
Nov 16, 2023, 7:36 am
#48
Join Date: Sep 2008
Location: AUS
Programs: BAEC Gold, AA PPro, Hyatt Globalist, Amex Plat
Posts: 7,044
as you memtioned it will probably work as the country codes are the same. They will be storing +1 rather then US and then doing lookup of what to display based on the +1 and finding canada first
I get the sms to my polish number no problem
You can use email rather than sms
My limited testing, the 2fa works for me.
I get the sms to my polish number no problem
You can use email rather than sms
My limited testing, the 2fa works for me.
Regards
Feb 15, 2024, 6:08 am
#49
Join Date: Jul 2012
Location: The North
Posts: 1,848
Two Factor Authentication soon becoming mandatory?
Just received the following email from BA:
Dear Customer,
At British Airways, we're committed to ensuring your data is secure.
We wanted to let you know that we're adding an extra step when you log in to your Executive Club account on ba.com, similar to other services such as online banking. It's also coming soon to our app on mobile devices. This extra layer of security helps protect your account with a choice of quick and easy extra methods to verify your identity, as well as your username and password.
You'll shortly be required to set this up when you log in on ba.com. It's essential that your email address and mobile telephone number in your profile are up to date now. Please take a few moments to log in and check these details are correct. You can review and update your personal information in the Manage My Account section. If your details aren't up to date, you might be unable to log in to your account later on.
For more information, assistance or to view our Privacy Policy, please visit ba.com.
Thanks for your cooperation.
Warm regards,
Your Executive Club Team
At British Airways, we're committed to ensuring your data is secure.
We wanted to let you know that we're adding an extra step when you log in to your Executive Club account on ba.com, similar to other services such as online banking. It's also coming soon to our app on mobile devices. This extra layer of security helps protect your account with a choice of quick and easy extra methods to verify your identity, as well as your username and password.
You'll shortly be required to set this up when you log in on ba.com. It's essential that your email address and mobile telephone number in your profile are up to date now. Please take a few moments to log in and check these details are correct. You can review and update your personal information in the Manage My Account section. If your details aren't up to date, you might be unable to log in to your account later on.
For more information, assistance or to view our Privacy Policy, please visit ba.com.
Thanks for your cooperation.
Warm regards,
Your Executive Club Team
Last edited by squawk; Feb 15, 2024 at 6:09 am Reason: Formatting
Feb 15, 2024, 6:16 am
#50
Join Date: Jan 2005
Location: UK
Programs: Mucci. And BA Gold – previous awards - Gold 11, Silver 7, Bronze 4.
Posts: 4,236
Feb 15, 2024, 7:13 am
#51
Join Date: Aug 2006
Location: Switzerland
Posts: 1,593
The links in the email don't take you directly to the correct place.
Attempting to edit some of my personal details results in an "Error: something went wrong" message. Even just clicking to edit and then "save" without changing anything results in that error. Laughable.
Attempting to edit some of my personal details results in an "Error: something went wrong" message. Even just clicking to edit and then "save" without changing anything results in that error. Laughable.
Feb 15, 2024, 7:24 am
#52
Join Date: Jun 2008
Location: London
Programs: AAdvantage, and BAEC in name only
Posts: 803
Lets hope this works well, 2FA is certainly the right way to go. But my heart sank when I read the email as my expectations of any BA customer-facing IT working well is so low.
I logged in to try to check my phone numbers as advised and tried to delete my now non-existent 'home' phone number. That did not stick - then I got the 'multiple tabs in use' error message. Sigh.
I logged in to try to check my phone numbers as advised and tried to delete my now non-existent 'home' phone number. That did not stick - then I got the 'multiple tabs in use' error message. Sigh.
Feb 15, 2024, 8:13 am
#53
Join Date: Dec 2009
Location: Flatland
Programs: AA Lifetime Gold 1MM, BA Gold, UA Peon
Posts: 6,112
So, what's their recovery method when your device with the code-generating app breaks? Do they let you register multiple devices, perhaps? Or choose multiple 2FA methods?
This is usually the weakness of large corporations that say "use 2FA" and a major reason why I don't use it on some of them (particularly Facebook, who are notoriously hard to contact if you get locked out of your account). Is BA showing any signs of considering this?
This is usually the weakness of large corporations that say "use 2FA" and a major reason why I don't use it on some of them (particularly Facebook, who are notoriously hard to contact if you get locked out of your account). Is BA showing any signs of considering this?
Feb 15, 2024, 11:46 am
#54
Join Date: Jul 2011
Location: LCY / LHR / ZRH / JNB
Programs: BA
Posts: 120
Tried logging in, figuring that others doing this in the thread here must mean the website is running again after the last few weeks offline. Still can’t reach it, just says it’s experiencing high demand.
How are people reaching the site? I get the ‘high demand’ message at work, at home, and on mobile. And regardless of whether it’s daytime UK or if I have tried a few times at 4am or 5am. I don’t think it’s just me as the call centre keep saying it’s down for everyone when I’ve rung in to do tasks.
Not directly related to 2FA I guess, just interested how people are able to see / try this function - is there some workaround or way of reaching the site, other than going in a browser to ba.com ?
How are people reaching the site? I get the ‘high demand’ message at work, at home, and on mobile. And regardless of whether it’s daytime UK or if I have tried a few times at 4am or 5am. I don’t think it’s just me as the call centre keep saying it’s down for everyone when I’ve rung in to do tasks.
Not directly related to 2FA I guess, just interested how people are able to see / try this function - is there some workaround or way of reaching the site, other than going in a browser to ba.com ?
Feb 15, 2024, 11:55 am
#55
Join Date: Apr 2005
Location: UK
Programs: IC Hotels Spire, BA Gold
Posts: 8,671
Is there a way to opt out of this 2FA with BA? I only have one mobile phone and my bt e-mail account registered with BA has also recently gone onto 2FA to access.
At the moment, if my phone is lost / stolen / breaks etc than at least I could go to any web-enabled PC and still get into my e-mail and ba.com to change a booking et....... just by using my username and password for both. But with 2FA, I would be well and truly stuffed (particularly overseas) as I could no longer access ba.com without my phone and not even my e-mail account registered with ba either as this needs the same phone for 2FA
Do the bods ever think of this?
At the moment, if my phone is lost / stolen / breaks etc than at least I could go to any web-enabled PC and still get into my e-mail and ba.com to change a booking et....... just by using my username and password for both. But with 2FA, I would be well and truly stuffed (particularly overseas) as I could no longer access ba.com without my phone and not even my e-mail account registered with ba either as this needs the same phone for 2FA
Do the bods ever think of this?
Feb 15, 2024, 1:07 pm
#56
Join Date: Oct 2021
Location: London (née Melbourne)
Programs: Qantas Platinum (Oneworld Emerald)
Posts: 988
I just hope they aren't forcing to use SMS codes, or I may need to upgrade the roaming on my phone plan...
Perhaps they'll have easy workaround options for people logging in from abroad (although that partially defeats the purpose of 2FA if you can easily bypass it).
Perhaps they'll have easy workaround options for people logging in from abroad (although that partially defeats the purpose of 2FA if you can easily bypass it).
Feb 15, 2024, 2:01 pm
#57
Join Date: Mar 2010
Posts: 1,758
Lets hope this works well, 2FA is certainly the right way to go. But my heart sank when I read the email as my expectations of any BA customer-facing IT working well is so low.
I logged in to try to check my phone numbers as advised and tried to delete my now non-existent 'home' phone number. That did not stick - then I got the 'multiple tabs in use' error message. Sigh.
I logged in to try to check my phone numbers as advised and tried to delete my now non-existent 'home' phone number. That did not stick - then I got the 'multiple tabs in use' error message. Sigh.
Feb 15, 2024, 2:47 pm
#58
Join Date: Sep 2010
Location: Las Vegas
Programs: BA Gold; Hilton Honors Diamond
Posts: 3,228
I hope BA gets it right, especially for those of us with non-UK memberships.
Certainly my US-based financial institutions give me multiple ways to complete 2FA - it's usually either SMS, or a phone call, or an e-mail. More recently it's also push notifications to their app which will authenticate web browser access. However, when my UK bank moved to OTP for their website it only worked with UK and Spanish mobile numbers even though, in my case, you could specify a US number. Then, after it worked flawlessly for ages, it broke and would show one of my old UK numbers for OTP when trying to pay with my card, while OTP for website logins still showed my US number. No SMS was received and so I couldn't pay with my debit card nor could I log into my bank's website. The bank acknowledged the issue but couldn't say when it would be fixed. Then it just randomly started working again. Other challenges have been not getting the SMS codes when travelling abroad and having to rely on e-mail instead.
It is actually really frustrating that so many companies still don't support the E.164 number format or, even, numbers outside their own country. For example, Arrow Cars at NCL airport allow you to make a web booking using a non-UK phone number but the kiosks at the airport only take a UK number so you need to either have one of the staff pull up the booking to summon the car, or you need to go inside to the desk. It's one of the reasons I have a Vodafone PAYG number as I simply cannot rely on UK merchants supporting foreign mobile numbers.
Certainly my US-based financial institutions give me multiple ways to complete 2FA - it's usually either SMS, or a phone call, or an e-mail. More recently it's also push notifications to their app which will authenticate web browser access. However, when my UK bank moved to OTP for their website it only worked with UK and Spanish mobile numbers even though, in my case, you could specify a US number. Then, after it worked flawlessly for ages, it broke and would show one of my old UK numbers for OTP when trying to pay with my card, while OTP for website logins still showed my US number. No SMS was received and so I couldn't pay with my debit card nor could I log into my bank's website. The bank acknowledged the issue but couldn't say when it would be fixed. Then it just randomly started working again. Other challenges have been not getting the SMS codes when travelling abroad and having to rely on e-mail instead.
It is actually really frustrating that so many companies still don't support the E.164 number format or, even, numbers outside their own country. For example, Arrow Cars at NCL airport allow you to make a web booking using a non-UK phone number but the kiosks at the airport only take a UK number so you need to either have one of the staff pull up the booking to summon the car, or you need to go inside to the desk. It's one of the reasons I have a Vodafone PAYG number as I simply cannot rely on UK merchants supporting foreign mobile numbers.
Feb 15, 2024, 4:53 pm
#59
Join Date: Aug 2006
Location: Switzerland
Posts: 1,593
sms/email 2FA codes are already old fashioned and (relatively) easy for someone to intercept.
A 2FA code generated on a mobile app offline (I use "authy" but they're all pretty much the same) is the way to go at the moment. Or, like some banks, using biometrics (e.g. FaceID) on BA's mobile app to authenticate both within the app and externally.
Not that it matters; it'll just take us longer to get to a website which doesn't work.
A 2FA code generated on a mobile app offline (I use "authy" but they're all pretty much the same) is the way to go at the moment. Or, like some banks, using biometrics (e.g. FaceID) on BA's mobile app to authenticate both within the app and externally.
Not that it matters; it'll just take us longer to get to a website which doesn't work.
Feb 16, 2024, 1:58 am
#60
Join Date: Apr 2005
Location: UK
Programs: IC Hotels Spire, BA Gold
Posts: 8,671
sms/email 2FA codes are already old fashioned and (relatively) easy for someone to intercept.
A 2FA code generated on a mobile app offline (I use "authy" but they're all pretty much the same) is the way to go at the moment. Or, like some banks, using biometrics (e.g. FaceID) on BA's mobile app to authenticate both within the app and externally.
Not that it matters; it'll just take us longer to get to a website which doesn't work.
A 2FA code generated on a mobile app offline (I use "authy" but they're all pretty much the same) is the way to go at the moment. Or, like some banks, using biometrics (e.g. FaceID) on BA's mobile app to authenticate both within the app and externally.
Not that it matters; it'll just take us longer to get to a website which doesn't work.