KLM.com moving from FB Pin/existing password to new password for log-in
Feb 9, 2018, 12:10 am
#16
Moderator: Aegean Miles+Bonus
Join Date: Oct 2009
Location: AMS / ATH
Programs: AFKL Plat, A3 Gold
Posts: 7,339
2FA requires to have access to both the password AND a separate device (eg phone), which is going to be much harder for somebody to get access to remotely.
Feb 9, 2018, 3:28 am
#17
Join Date: Sep 2005
Location: NL
Programs: FB M&M AA Amex HH SPG and others
Posts: 1,929
No personel experience though.
Feb 9, 2018, 3:59 am
#18
Join Date: Jun 2005
Location: 🇸🇬 🇭🇰 🇫🇷
Programs: Many
Posts: 4,749
Thanks for the suggestion. Authy is great indeed. But should a merchant (or KLM) decide to implement 2FA through SMS I must comply with that unless I am mistaken.
Sorry for OT
Feb 9, 2018, 8:01 am
#19
Join Date: Sep 2005
Location: NL
Programs: FB M&M AA Amex HH SPG and others
Posts: 1,929
Yeah, that's right. SMS will work only on the right number - so only on that simcard.
Feb 10, 2018, 4:24 am
#20
Join Date: Feb 2018
Programs: FlyingBlue
Posts: 15
MFA is a must. Different MFA options, the option to set up more than one is also desired.
Me personally love my LastPass+LastPass Authenticator setup. With this I also enforce my important family members online security
Me personally love my LastPass+LastPass Authenticator setup. With this I also enforce my important family members online security
Feb 12, 2018, 4:09 am
#21
Join Date: May 2009
Location: AMS
Posts: 2,062
Feb 15, 2018, 2:50 pm
#23
Join Date: Mar 2016
Location: CPT,AMS
Posts: 4,412
Apparently now if you mistype your password 3 times (or if you try to use the app which was logged in previously and didn't change the password...) it locks you out and you have to go to the "Forgotten password" page, and you are asked to answer your secret question before a new PIN is e-mailed to you.
This is compared to the previous behaviour where the account magically unlocked itself after a few minutes.
This is compared to the previous behaviour where the account magically unlocked itself after a few minutes.
Feb 16, 2018, 1:47 am
#24
Moderator: Aegean Miles+Bonus
Join Date: Oct 2009
Location: AMS / ATH
Programs: AFKL Plat, A3 Gold
Posts: 7,339
I hate secret questions. The question is either too simple (in a way that everyone who knows you could answer it), or, too difficult (In the way that you will have forgotten the exact phrasing one year later).
Why don't they just send an SMS or reset-email like the rest of the world does?
Why don't they just send an SMS or reset-email like the rest of the world does?
Feb 16, 2018, 5:59 am
#26
Join Date: Mar 2016
Location: CPT,AMS
Posts: 4,412
I hate secret questions. The question is either too simple (in a way that everyone who knows you could answer it), or, too difficult (In the way that you will have forgotten the exact phrasing one year later).
Why don't they just send an SMS or reset-email like the rest of the world does?
Why don't they just send an SMS or reset-email like the rest of the world does?
Feb 16, 2018, 6:05 am
#27
Moderator: Aegean Miles+Bonus
Join Date: Oct 2009
Location: AMS / ATH
Programs: AFKL Plat, A3 Gold
Posts: 7,339
It is only more secure if an attacker already has access to a secondary communication path like your phone or email. Is that something common enough to add the extra step for?
I'd say that somebody re-using the same password on multiple sites, and allowing an attacker to get access that way, is way more of a risk. Which is what 2FA can help to prevent. And really there is no excuse to not implement 2FA as even a 3rd party system (eg Google API) can offer that functionality. I'd say it is a similar effort to implementing the Facebook-authentication...which they have already added years ago.
I'd say that somebody re-using the same password on multiple sites, and allowing an attacker to get access that way, is way more of a risk. Which is what 2FA can help to prevent. And really there is no excuse to not implement 2FA as even a 3rd party system (eg Google API) can offer that functionality. I'd say it is a similar effort to implementing the Facebook-authentication...which they have already added years ago.
Feb 16, 2018, 6:07 am
#28
FlyerTalk Evangelist
Original Poster
Join Date: Mar 2008
Location: Netherlands
Programs: KL Platinum; A3 Gold
Posts: 28,721
Just use your Aegean Miles+Bonus number as the answer to all the secret questions
Secret questions become even more secret when your answer is to a question of your own choosing...
Secret questions become even more secret when your answer is to a question of your own choosing...
Feb 16, 2018, 6:09 am
#29
Join Date: Mar 2016
Location: CPT,AMS
Posts: 4,412
Many times a hacker obtain access to an e-mail account, and from there starts to cause damage by 'reset password' in other websites, so yes I would consider that common enough.