AM: Mobile number OTP commencing 16 Apr (mandatory 16 Jun)
#16
Ambassador, Hong Kong and Macau
Original Poster
Join Date: May 2009
Location: HKG
Programs: Non-top tier Asia Miles member
Posts: 19,810
Actually some banks (such as HSBC) are moving towards verification through apps tied to your mobile phone rather than your SIM card, which makes life much easier when you swap SIM cards while overseas. But I guess that would be far beyond Cathay's level of IIT expertise ....
I think for HSBC and BoC, I'd essentially have to migrate them off to my second phone before I can restore my first phone?
#17
Join Date: Sep 2013
Posts: 525
Format your phone/accidentally erase your phone? I haven't tried restoring my HSBC or BoC tokens, I've been resisting moving for Citi/Hang Seng because of this.
I think for HSBC and BoC, I'd essentially have to migrate them off to my second phone before I can restore my first phone?
I think for HSBC and BoC, I'd essentially have to migrate them off to my second phone before I can restore my first phone?
#18
Ambassador, Hong Kong and Macau
Original Poster
Join Date: May 2009
Location: HKG
Programs: Non-top tier Asia Miles member
Posts: 19,810
I've done this many times. You need to call in to cancel your first device then reactivate your new device. In an ideal world, they would do 2FA like how Google does it, through an app. Then you can use something like Authy and keep all your 2FA logins in a single place.
i have no objection with the latter method (provided they don't decide to make me goto branch when I actually do it).
I had to have a think thru about the former. Not hard for someone to call in as me and deactivate my phone - I suspect the questions will be light. Then someone can activate their phone to be my 2FA simply with my dual passwords, which are static.
Not hard for someone to do both and my only indication is when my own phone's 2FA doesn't work, or my money is gone, whichever comes first. Seems like hsbc has created an exploitable vulnerability to me
#19
Join Date: Jan 2016
Location: LON
Programs: BAEC
Posts: 3,923
Related, but not directly relevant, I've tried to sign up for SMS alerts on a ticket I have with CX. I put my UK number in the prescribed international format, it says it will send me a verification code by SMS, and nothing arrives. Hope the CX and AM are not using the same system or this could be bedlam, although we'll done to AM for trying to do the right thing to protect their customer data
#20
Suspended
Join Date: May 2006
Location: HKG
Programs: A3, TK *G; JL JGC; SPG,Hilton Gold
Posts: 9,952
I went and asked how hsbc hk do it if I lost my phone with 2FA app. they deactivated my old one, then either I register a new one with my dual passwords or they send me a physical fob again (my last physical fob was deactivated when I authenticated my app to be my 2FA generator with it).
i have no objection with the latter method (provided they don't decide to make me goto branch when I actually do it).
I had to have a think thru about the former. Not hard for someone to call in as me and deactivate my phone - I suspect the questions will be light. Then someone can activate their phone to be my 2FA simply with my dual passwords, which are static.
Not hard for someone to do both and my only indication is when my own phone's 2FA doesn't work, or my money is gone, whichever comes first. Seems like hsbc has created an exploitable vulnerability to me
#21
Join Date: Sep 2004
Location: country Western Australia
Programs: QF SG(LTS) - AA LTG(1MM)
Posts: 2,771
I sent an email to AS. I created an AS account for my brother-in-law as I have organized a Circle Pacific trip to get him USA->Australia-> South America->USA. He has no mobile phone and is "computer challenged" and we live on different continents. I do not expect an early response.
Just wandering
Fred
Just wandering
Fred
#22
Suspended
Join Date: May 2006
Location: HKG
Programs: A3, TK *G; JL JGC; SPG,Hilton Gold
Posts: 9,952
I sent an email to AS. I created an AS account for my brother-in-law as I have organized a Circle Pacific trip to get him USA->Australia-> South America->USA. He has no mobile phone and is "computer challenged" and we live on different continents. I do not expect an early response.
Just wandering
Fred
Just wandering
Fred
#23
Join Date: Apr 2014
Location: Hertfordshire, UK
Programs: SQ,CX,LX
Posts: 343
Well, I tried to do the validation but it appears my account has been locked due to too many failed log-in attempts, it wasn't me as I've been away since Jan and not needed to access my account so I assume there's been a hacking attempt. I emailed AM two days ago but there's been no response from them apart from the acknowledgement of the email, how long do they usually take to respond to email?
#24
FlyerTalk Evangelist
Join Date: Jul 2006
Location: Hong Kong, France
Programs: FB , BA Gold
Posts: 15,583
It is clear that mobile OTP/2FA are being rapidly implemented by all banks and other providers.
I have got four request in the past three weeks, including my company server.
There is so much account hacking going on that I am happy for the increased security.
I am afraid that we all have to adapt our mobile phone behavior to that practice. Some SIM card strategies might become void. And losing the phone while traveling abroad is quite penalizing.
I have got four request in the past three weeks, including my company server.
There is so much account hacking going on that I am happy for the increased security.
I am afraid that we all have to adapt our mobile phone behavior to that practice. Some SIM card strategies might become void. And losing the phone while traveling abroad is quite penalizing.
#25
Ambassador, Hong Kong and Macau
Original Poster
Join Date: May 2009
Location: HKG
Programs: Non-top tier Asia Miles member
Posts: 19,810
#27
Ambassador, Hong Kong and Macau
Original Poster
Join Date: May 2009
Location: HKG
Programs: Non-top tier Asia Miles member
Posts: 19,810
#28
FlyerTalk Evangelist
Join Date: Jul 2006
Location: Hong Kong, France
Programs: FB , BA Gold
Posts: 15,583
You could also try to call the French CX number and they are open 7/7 from 0800 to 2000.
I am always found them very responsive to any question.
The might not be equipped to deal with your problem, but they might be able to forward your call or message MPC to get a fast response.
#30
Ambassador, Hong Kong and Macau
Original Poster
Join Date: May 2009
Location: HKG
Programs: Non-top tier Asia Miles member
Posts: 19,810
Probably the impetus for the changes:
https://hk.news.appledaily.com/local...80413/58066680
http://s.nextmedia.com/realtime/a.ph...647&a=58066674
http://s.nextmedia.com/realtime/a.ph...647&a=58066663
https://hk.news.appledaily.com/local...80413/58066680
http://s.nextmedia.com/realtime/a.ph...647&a=58066674
http://s.nextmedia.com/realtime/a.ph...647&a=58066663