KLM.com moving from FB Pin/existing password to new password for log-in
#1
FlyerTalk Evangelist
Original Poster
Join Date: Mar 2008
Location: Netherlands
Programs: KL Platinum; A3 Gold
Posts: 28,550
As many other airlines/websites have done in the past, KLM.com is now inviting users to create passwords for login, rather than just the Flying Blue PIN.
#2
Join Date: Mar 2016
Location: CPT,AMS
Posts: 4,409
It's a bit odd to have an "old password" field when you get this screen immediately after you logged in and typed in your password.
Also no "match/verify" new password; I wonder how many people will mistype their new password only to have to recover it later...
#8
Join Date: Mar 2016
Location: CPT,AMS
Posts: 4,409
PayPal does offer it, at least in NL
It does become more and more common, yes. I would hardly say it is standard; I'm not aware of any single retailer using it. It seems limited mostly to either banking/finance or tech-savvy companies.
#9
Join Date: Jul 2009
Location: mostly not far from AMS, otherwise NUE
Programs: FB Silver, Hilton Diamond
Posts: 2,379
Ah, I see that PayPal does indeed support 2FA, but they're using SMS, which isn't always practical. An authenticator app would be more useful, at least to me.
#10
FlyerTalk Evangelist
Join Date: Oct 2000
Posts: 14,352
Is there any evidence that passwords meeting KLM's criteria are more secure than any other combination of 8 - 12 characters?
Restricting options this way just invites people to pick Qwerty1234 or similar easy to remember variations on that theme which I encounter a lot.
Johan
#11
Join Date: Mar 2016
Location: CPT,AMS
Posts: 4,409
Yes, it does limit indeed, especially since the OTP can only be sent to a Dutch mobile number. It's also not the most secure thing in the world: there have been frauds/scams in ZA which included "duplicating" one SIM card to get the bank OTP, which is SMS-based.
#12
Join Date: Mar 2016
Location: CPT,AMS
Posts: 4,409
Is there any evidence that passwords meeting KLM's criteria are more secure than any other combination of 8 - 12 characters?
Restricting options this way just invites people to pick Qwerty1234 or similar easy to remember variations on that theme which I encounter a lot.
Johan
#13
Join Date: Jan 2018
Location: Canada
Programs: Flying Blue Platinum
Posts: 90
As an IT professional and security enthusiast, I've complained to KLM before that I wasn't happy with the four-digit PIN. But with this change, I don't think it actually got any better. The password requirements are ludicrous:
- 8 to 12 characters
- At least 1 numeric character (0-9)
- At least 1 uppercase character (A-Z) and 1 lowercase character (a-z)
- In addition, the following characters are allowed: @ $ & + - / # _ ? !
And to people who ask for two factor authentication: if you need that, your passwords are probably bad. Use a long password and a different password for every account you create. And if possible, even a different email address per account.
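Added example (not part of any post in this thread, and not KLM's code): a Python sketch that encodes the rules quoted in post #13 and counts, by inclusion-exclusion, how much of the 8 to 12 character space over the same 72-character alphabet they leave. It assumes the rules are exactly as quoted; the sample passwords are constructed.

```python
import math
import string

# Rules as quoted in post #13; the symbol list is copied from that post.
SYMBOLS = "@$&+-/#_?!"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS  # 72 characters
MIN_LEN, MAX_LEN = 8, 12


def meets_policy(pw):
    """True if pw satisfies the quoted length, charset and class rules."""
    return (MIN_LEN <= len(pw) <= MAX_LEN
            and set(pw) <= set(ALPHABET)
            and any(c in string.digits for c in pw)
            and any(c in string.ascii_uppercase for c in pw)
            and any(c in string.ascii_lowercase for c in pw))


def count_compliant(n, lower=26, upper=26, digit=10, other=len(SYMBOLS)):
    """Count length-n strings with >=1 lower, >=1 upper and >=1 digit.

    Inclusion-exclusion over the three "class is missing" events.
    """
    total = lower + upper + digit + other
    return (total ** n
            - (total - lower) ** n - (total - upper) ** n - (total - digit) ** n
            + (total - lower - upper) ** n + (total - lower - digit) ** n
            + (total - upper - digit) ** n
            - other ** n)


def policy_space():
    """Return (compliant, unrestricted) counts summed over lengths 8..12."""
    lengths = range(MIN_LEN, MAX_LEN + 1)
    compliant = sum(count_compliant(n) for n in lengths)
    unrestricted = sum(len(ALPHABET) ** n for n in lengths)
    return compliant, unrestricted


if __name__ == "__main__":
    compliant, unrestricted = policy_space()
    print(f"unrestricted: {math.log2(unrestricted):.2f} bits")
    print(f"compliant:    {math.log2(compliant):.2f} bits "
          f"({compliant / unrestricted:.1%} of the space)")
    # Constructed sample passwords, not taken from any real account.
    for pw in ["Qwerty1234", "correct horse battery staple", "k7#Tq_vR2m!x"]:
        print(f"{pw!r}: accepted={meets_policy(pw)}")
```

The bit figures are upper bounds that hold only for passwords chosen uniformly at random; the validator accepts Qwerty1234 and rejects the long passphrase because of the 12-character cap and the restricted character set.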
#14
Join Date: Mar 2016
Location: CPT,AMS
Posts: 4,409
2FA is by definition more secure, and comes to address cases where someone got hold of your passwords, not necessarily by brute-forcing them.
#15
Join Date: Jun 2005
Location: 🇸🇬 🇭🇰 🇫🇷
Programs: Many
Posts: 4,749
For people travelling and switching between various phone numbers it is painful to change SIM cards just to get 2FA on the right phone.
It is not like KL's day-to-day business was to deal with travellers after all.