KLM.com moving from FB Pin/existing password to new password for log-in
As many other airlines/websites have done in the past, KLM.com is now inviting users to create passwords for login, rather than just the Flying Blue pin.
|
It's a bit odd to have an "old password" field when you get this screen immediately after you logged in and typed in your password.
Also no "match/verify" new password, I wonder how many people will mistype their new password only to have to recover it later... |
So they introduce a new authentication mechanism...and do not include two-factor authentication? Missed opportunity imho.
|
They still occasionally require you to prove that you are not a robot, though :D :D :D
|
A good first step, but 2-factor auth is a must these days.
|
Are there other airlines that provide 2FA?
|
None that I'm aware of, but it's kind of a security standard these days (even if even PayPal doesn't offer it).
|
PayPal does offer it, at least in NL.
It does become more and more common, yes; I would hardly say it is standard. I'm not aware of any single retailer using it; it seems limited mostly to either banking/finance or tech-savvy companies. |
Ah, I see that PayPal does indeed support 2FA, but they're using SMS, which isn't always practical. An authenticator app would be more useful, at least to me.
|
Is there any evidence that passwords meeting KLM's criteria are more secure than any other combination of 8 - 12 characters?
Restricting options this way just invites people to pick Qwerty1234 or similar easy to remember variations on that theme which I encounter a lot. Johan |
Originally Posted by mfkne
(Post 29390351)
Ah, I see that PayPal does indeed support 2FA, but they're using SMS, which isn't always practical. An authenticator app would be more useful, at least to me.
|
Originally Posted by johan rebel
(Post 29390528)
Is there any evidence that passwords meeting KLM's criteria are more secure than any other combination of 8 - 12 characters?
Restricting options this way just invites people to pick Qwerty1234 or similar easy to remember variations on that theme which I encounter a lot. Johan |
As an IT professional and security enthusiast I've complained to KLM before that I wasn't happy with the four-digit PIN. But with this change, I don't think it actually got any better. The password requirements are ludicrous:
And to people who ask for two-factor authentication: if you need that, your passwords are probably bad. Use a long password and a different password for every account you create. And if possible, even a different email address per account. |
Originally Posted by Kaasschaaf
(Post 29393786)
And to people who ask for two-factor authentication: if you need that, your passwords are probably bad. Use a long password and a different password for every account you create. And if possible, even a different email address per account.
2FA is by definition more secure, and comes to address cases where someone got hold of your passwords, not necessarily by brute-forcing them. |
Originally Posted by mfkne
(Post 29390351)
Ah, I see that PayPal does indeed support 2FA, but they're using SMS, which isn't always practical. An authenticator app would be more useful, at least to me.
For people travelling and switching between various phone numbers it is painful to change SIM cards just to get 2FA on the right phone. It is not like KL's day-to-day business was to deal with travellers after all :rolleyes: |