Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > Cathay Pacific | Cathay
Reload this Page >

AM: Mobile number OTP commencing 16 Apr (mandatory 16 Jun)

Register
Community
Wiki Posts
Today's Posts
Search

AM: Mobile number OTP commencing 16 Apr (mandatory 16 Jun)

Thread Tools
 
Search this Thread
 
Old Apr 10, 2018, 3:30 am
  #16  
Ambassador, Hong Kong and Macau
Original Poster
 
Join Date: May 2009
Location: HKG
Programs: Non-top tier Asia Miles member
Posts: 19,810
Originally Posted by dgittings
Actually some banks (such as HSBC) are moving towards verification through apps tied to your mobile phone rather than your SIM card, which makes life much easier when you swap SIM cards while overseas. But I guess that would be far beyond Cathay's level of IIT expertise ....
Format your phone/accidentally erase your phone? I haven't tried restoring my HSBC or BoC tokens, I've been resisting moving for Citi/Hang Seng because of this.

I think for HSBC and BoC, I'd essentially have to migrate them off to my second phone before I can restore my first phone?
percysmith is offline  
Reply
Old Apr 10, 2018, 7:11 am
  #17  
 
Join Date: Sep 2013
Posts: 525
Originally Posted by percysmith
Format your phone/accidentally erase your phone? I haven't tried restoring my HSBC or BoC tokens, I've been resisting moving for Citi/Hang Seng because of this.

I think for HSBC and BoC, I'd essentially have to migrate them off to my second phone before I can restore my first phone?
I've done this many times. You need to call in to cancel your first device then reactivate your new device. In an ideal world, they would do 2FA like how Google does it, through an app. Then you can use something like Authy and keep all your 2FA logins in a single place.
LoveHateRelationship is offline  
Reply
Old Apr 10, 2018, 7:53 am
  #18  
Ambassador, Hong Kong and Macau
Original Poster
 
Join Date: May 2009
Location: HKG
Programs: Non-top tier Asia Miles member
Posts: 19,810
Originally Posted by LoveHateRelationship


I've done this many times. You need to call in to cancel your first device then reactivate your new device. In an ideal world, they would do 2FA like how Google does it, through an app. Then you can use something like Authy and keep all your 2FA logins in a single place.
I went and asked how hsbc hk do it if I lost my phone with 2FA app. they deactivated my old one, then either I register a new one with my dual passwords or they send me a physical fob again (my last physical fob was deactivated when I authenticated my app to be my 2FA generator with it).

i have no objection with the latter method (provided they don't decide to make me goto branch when I actually do it).
I had to have a think thru about the former. Not hard for someone to call in as me and deactivate my phone - I suspect the questions will be light. Then someone can activate their phone to be my 2FA simply with my dual passwords, which are static.
Not hard for someone to do both and my only indication is when my own phone's 2FA doesn't work, or my money is gone, whichever comes first. Seems like hsbc has created an exploitable vulnerability to me
percysmith is offline  
Reply
Old Apr 10, 2018, 12:52 pm
  #19  
 
Join Date: Jan 2016
Location: LON
Programs: BAEC
Posts: 3,923
Related, but not directly relevant, I've tried to sign up for SMS alerts on a ticket I have with CX. I put my UK number in the prescribed international format, it says it will send me a verification code by SMS, and nothing arrives. Hope the CX and AM are not using the same system or this could be bedlam, although we'll done to AM for trying to do the right thing to protect their customer data
plunet is offline  
Reply
Old Apr 11, 2018, 2:41 am
  #20  
Suspended
 
Join Date: May 2006
Location: HKG
Programs: A3, TK *G; JL JGC; SPG,Hilton Gold
Posts: 9,952
Originally Posted by percysmith


I went and asked how hsbc hk do it if I lost my phone with 2FA app. they deactivated my old one, then either I register a new one with my dual passwords or they send me a physical fob again (my last physical fob was deactivated when I authenticated my app to be my 2FA generator with it).

i have no objection with the latter method (provided they don't decide to make me goto branch when I actually do it).
I had to have a think thru about the former. Not hard for someone to call in as me and deactivate my phone - I suspect the questions will be light. Then someone can activate their phone to be my 2FA simply with my dual passwords, which are static.
Not hard for someone to do both and my only indication is when my own phone's 2FA doesn't work, or my money is gone, whichever comes first. Seems like hsbc has created an exploitable vulnerability to me
they probably would make you do mobile otp at that time. or call back to home/mobile number
kaka is offline  
Reply
Old Apr 11, 2018, 8:00 pm
  #21  
 
Join Date: Sep 2004
Location: country Western Australia
Programs: QF SG(LTS) - AA LTG(1MM)
Posts: 2,771
I sent an email to AS. I created an AS account for my brother-in-law as I have organized a Circle Pacific trip to get him USA->Australia-> South America->USA. He has no mobile phone and is "computer challenged" and we live on different continents. I do not expect an early response.

Just wandering
Fred
wandering_fred is offline  
Reply
Old Apr 11, 2018, 8:47 pm
  #22  
Suspended
 
Join Date: May 2006
Location: HKG
Programs: A3, TK *G; JL JGC; SPG,Hilton Gold
Posts: 9,952
Originally Posted by wandering_fred
I sent an email to AS. I created an AS account for my brother-in-law as I have organized a Circle Pacific trip to get him USA->Australia-> South America->USA. He has no mobile phone and is "computer challenged" and we live on different continents. I do not expect an early response.

Just wandering
Fred
AS? how does that relate to CX imposing mobile OTP lol?
kaka is offline  
Reply
Old Apr 12, 2018, 1:34 am
  #23  
 
Join Date: Apr 2014
Location: Hertfordshire, UK
Programs: SQ,CX,LX
Posts: 343
Well, I tried to do the validation but it appears my account has been locked due to too many failed log-in attempts, it wasn't me as I've been away since Jan and not needed to access my account so I assume there's been a hacking attempt. I emailed AM two days ago but there's been no response from them apart from the acknowledgement of the email, how long do they usually take to respond to email?
Lussac is offline  
Reply
Old Apr 12, 2018, 2:08 am
  #24  
FlyerTalk Evangelist
 
Join Date: Jul 2006
Location: Hong Kong, France
Programs: FB , BA Gold
Posts: 15,583
It is clear that mobile OTP/2FA are being rapidly implemented by all banks and other providers.
I have got four request in the past three weeks, including my company server.
There is so much account hacking going on that I am happy for the increased security.
I am afraid that we all have to adapt our mobile phone behavior to that practice. Some SIM card strategies might become void. And losing the phone while traveling abroad is quite penalizing.
brunos is offline  
Reply
Old Apr 12, 2018, 2:58 am
  #25  
Ambassador, Hong Kong and Macau
Original Poster
 
Join Date: May 2009
Location: HKG
Programs: Non-top tier Asia Miles member
Posts: 19,810
Originally Posted by Lussac
how long do they usually take to respond to email?
>8 days [code]https://www.facebook.com/asiamiles/posts/1363701500397106
percysmith is offline  
Reply
Old Apr 12, 2018, 4:14 am
  #26  
 
Join Date: Apr 2014
Location: Hertfordshire, UK
Programs: SQ,CX,LX
Posts: 343
OK, thanks. I'm in France at the moment so don't really want to call HK.
Lussac is offline  
Reply
Old Apr 12, 2018, 5:00 am
  #27  
Ambassador, Hong Kong and Macau
Original Poster
 
Join Date: May 2009
Location: HKG
Programs: Non-top tier Asia Miles member
Posts: 19,810
Originally Posted by Lussac
OK, thanks. I'm in France at the moment so don't really want to call HK.
You need to get Skypeout if you want to deal with this FFP. Topping up from in-app you can get away with US$5 first topup
percysmith is offline  
Reply
Old Apr 12, 2018, 9:27 am
  #28  
FlyerTalk Evangelist
 
Join Date: Jul 2006
Location: Hong Kong, France
Programs: FB , BA Gold
Posts: 15,583
Originally Posted by Lussac
OK, thanks. I'm in France at the moment so don't really want to call HK.
Skype or other internet-based system is cheap.
You could also try to call the French CX number and they are open 7/7 from 0800 to 2000.
I am always found them very responsive to any question.
The might not be equipped to deal with your problem, but they might be able to forward your call or message MPC to get a fast response.
brunos is offline  
Reply
Old Apr 12, 2018, 5:42 pm
  #29  
 
Join Date: Sep 2004
Location: country Western Australia
Programs: QF SG(LTS) - AA LTG(1MM)
Posts: 2,771
Originally Posted by kaka
AS? how does that relate to CX imposing mobile OTP lol?
I should have written it out - Asia Miles with respect to my email

Fred
wandering_fred is offline  
Reply
Old Apr 12, 2018, 7:35 pm
  #30  
Ambassador, Hong Kong and Macau
Original Poster
 
Join Date: May 2009
Location: HKG
Programs: Non-top tier Asia Miles member
Posts: 19,810
Probably the impetus for the changes:

https://hk.news.appledaily.com/local...80413/58066680

http://s.nextmedia.com/realtime/a.ph...647&a=58066674

http://s.nextmedia.com/realtime/a.ph...647&a=58066663
percysmith is offline  
Reply



Advanced Search
Reply Closed Thread Share
Forum Jump

Contact Us - Manage Preferences - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service -

This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.