Delta 2FA is now live
 

I just went to Delta.com on a laptop to log in and got a 2FA message - a message with a six-digit code was sent to my email (no option was provided to have it sent to my phone).
After I entered it. I then got what is probably a one-time prompt to confirm contact information on file for recovery purposes.

United starting doing this sometime in the past year or so. Not sure about AA.

I imagine that most of the time, 2FA is not a problem, but occasionally it would be a real pain, like when on an airplane.

Just went to the Delta app, did not get a 2FA message.

This has been in existence for a while for certain functions, such as looking up e-tickets/e-credits by phone number.

I just did a general log in on the website and did not get 2FA.

Nothing here either... just logged in as normal with no 2FA prompt/options.

these sorts of fake 2FAs are only marginally better than no 2FA, most of the time someone compromises a delta dot com password they probably already have the email compromised as well (probably because the user has the same password on both)

My app did it... yesterday? Which is somewhat ridiculous, as it is protected by my fingerprint anyway. No such thing happening on the website though.

are you using andriod? I am not sure but on iOS at least, using touchID or faceID would not protect your account, as anyone with the password can get in.

Android.

Technically yes, you could also use the password.
However, my password is so cryptic and complicated that I don't even know it and have to rely on a password manager. 🤣

Delta should go to using a Passkey log-in, as this method is slowly gaining traction/acceptance. On Apple products can use FaceID (iPhones and iPads) and Touch ID (Macs/older iPhones/iPads).

I thought this thread was about 2 Delta FAs going live on TikTok or Instagram :D

I got the 2FA prompt but there was an option to Skp. So I did. :D :D :D

from what i understand the 2fa will send the sms or mail code when you login on a new device
so if you logout and login in the app you use daily, nothing changes, it should be a "recognized" device, so no additional security needed

Last month I did my annual dual iPhone upgrade from a 15 pro -> 16 pro and 15 pro max -> 16 pro max with the data transferred over WiFi. Both iPhones had a a new MAC address and Delta did not prompt me for a 2FA with these 2 new devices.

neither of these do what 2FA does. They allow you to basically login easier with your known device, and both are completely out of the loop when you're logging in on a new device. An attacker with your password won't be slowed down at all if you are using faceID or passkeys but might be slowed down or even completely stopped if the site uses 2FA (depends on the implementation).

MAC addresses aren't going to be seen by the website

this is generally the idea, there are of course a lot of wrinkles that might cause 2FA to be triggered even when you're on the same device, but yeah this is directionally correct