
KLM.com moving from FB Pin/existing password to new password for log-in

Old Feb 7, 2018, 2:17 am
  #1  
FlyerTalk Evangelist
Original Poster
 
Join Date: Mar 2008
Location: Netherlands
Programs: KL Platinum; A3 Gold
Posts: 28,550
KLM.com moving from FB Pin/existing password to new password for log-in

As many other airlines/websites have done in the past, KLM.com is now inviting users to create passwords for login, rather than just the Flying Blue pin.
irishguy28 is offline  
Old Feb 7, 2018, 2:44 am
  #2  
 
Join Date: Mar 2016
Location: CPT,AMS
Posts: 4,409
It's a bit odd to have an "old password" field when you get this screen immediately after you logged in and typed in your password.
Also no "match/verify" new password, I wonder how many people will mistype their new password only to have to recover it later...
Ditto is offline  
Old Feb 7, 2018, 4:41 am
  #3  
Moderator: Aegean Miles+Bonus
 
Join Date: Oct 2009
Location: AMS / ATH
Programs: AFKL Plat, A3 Gold
Posts: 7,321
So they introduce a new authentication mechanism...and do not include two-factor authentication? Missed opportunity imho.
irishguy28 likes this.
Xandrios is offline  
Old Feb 7, 2018, 4:42 am
  #4  
FlyerTalk Evangelist
Original Poster
 
Join Date: Mar 2008
Location: Netherlands
Programs: KL Platinum; A3 Gold
Posts: 28,550
They still occasionally require you to prove that you are not a robot, though
irishguy28 is offline  
Old Feb 7, 2018, 5:16 am
  #5  
 
Join Date: Jul 2009
Location: mostly not far from AMS, otherwise NUE
Programs: FB Silver, Hilton Diamond
Posts: 2,379
A good first step, but 2-factor auth is a must these days.
Zembla likes this.
mfkne is offline  
Old Feb 7, 2018, 5:33 am
  #6  
 
Join Date: Mar 2016
Location: CPT,AMS
Posts: 4,409
Are there other airlines that provide 2FA?
Ditto is offline  
Old Feb 7, 2018, 7:43 am
  #7  
 
Join Date: Jul 2009
Location: mostly not far from AMS, otherwise NUE
Programs: FB Silver, Hilton Diamond
Posts: 2,379
None that I'm aware of, but it's kind of a security standard these days (even if even PayPal doesn't offer it).
mfkne is offline  
Old Feb 7, 2018, 8:45 am
  #8  
 
Join Date: Mar 2016
Location: CPT,AMS
Posts: 4,409
PayPal does offer it, at least in NL
It does become more and more common yes, I would hardly say it is standard, I'm not aware of any single retailer using it, it seems limited mostly to either banking/finance or tech savvy companies.
Ditto is offline  
Old Feb 7, 2018, 10:28 am
  #9  
 
Join Date: Jul 2009
Location: mostly not far from AMS, otherwise NUE
Programs: FB Silver, Hilton Diamond
Posts: 2,379
Ah, I see that PayPal does indeed support 2FA, but they're using SMS, which isn't always practical. An authenticator app would be more useful, at least to me.
mfkne is offline  
Old Feb 7, 2018, 11:09 am
  #10  
FlyerTalk Evangelist
 
Join Date: Oct 2000
Posts: 14,352
Is there any evidence that passwords meeting KLM's criteria are more secure than any other combination of 8 - 12 characters?

Restricting options this way just invites people to pick Qwerty1234 or similar easy to remember variations on that theme which I encounter a lot.

Johan
johan rebel is offline  
Old Feb 7, 2018, 12:48 pm
  #11  
 
Join Date: Mar 2016
Location: CPT,AMS
Posts: 4,409
Originally Posted by mfkne
Ah, I see that PayPal does indeed support 2FA, but they're using SMS, which isn't always practical. An authenticator app would be more useful, at least to me.
Yes, it does limit indeed, especially since the OTP can only be sent to a Dutch mobile number, it's also not the most secure thing in the world, there have been frauds/scams in ZA which included "duplicating" one SIM card to get the bank OTP which is SMS based.
Ditto is offline  
Old Feb 7, 2018, 12:50 pm
  #12  
 
Join Date: Mar 2016
Location: CPT,AMS
Posts: 4,409
Originally Posted by johan rebel
Is there any evidence that passwords meeting KLM's criteria are more secure than any other combination of 8 - 12 characters?

Restricting options this way just invites people to pick Qwerty1234 or similar easy to remember variations on that theme which I encounter a lot.

Johan
It is no doubt more secure than just a 4-digit PIN code, which could have been only 1234
irishguy28, Carel1 and AJCNL like this.
Ditto is offline  
Old Feb 8, 2018, 7:35 am
  #13  
 
Join Date: Jan 2018
Location: Canada
Programs: Flying Blue Platinum
Posts: 90
As an IT professional and security enthusiast I've complained to KLM before that I wasn't happy with the four digit pin. But with this change, I don't think it actually got any better. The password requirements are ludicrous:
  • 8 to 12 characters
  • At least 1 numeric character (0-9)
  • At least 1 uppercase character (A-Z) and 1 lowercase character (a-z)
  • In addition, the following characters are allowed: @ $ & + - / # _ ? !
First of all, why a maximum length password? I understand a minimum, but why the max? Secondly, if I want a password sentence, something like ialwaysflywithklmbecausetheyreblue is easily memorable and is harder to crack than with the current requirements. I use a password vault with password generator and I usually have passwords of over 50 digits with all types of symbols available, and if companies restrict me in how complicated I want my passwords, I don't think they take their security seriously. Unless the KLM IT department still lives in 1999.

And to people who ask for two factor authentication: if you need that, your passwords are probably bad. Use a long password and a different password for every account you create. And if possible, even a different email address per account.
Kaasschaaf is offline  
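
Added example, not part of any post in this thread: a Python sketch that encodes the four rules quoted in post #13, checks the two strings mentioned in the thread against them, and counts how many passwords those rules admit compared with a 4-digit PIN. The function names are made up for this illustration, and only the quoted rules are assumed about KLM's checks.

```python
import math
import string

# Rules as quoted in post #13; nothing else about KLM's checks is assumed.
SYMBOLS = "@$&+-/#_?!"
MIN_LEN, MAX_LEN = 8, 12
LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
ALLOWED = set(LOWER + UPPER + DIGITS + SYMBOLS)  # 72 characters in total

def policy_violations(pw):
    """Return the quoted rules that pw breaks (empty list = accepted)."""
    problems = []
    if not MIN_LEN <= len(pw) <= MAX_LEN:
        problems.append("length")
    if not any(c in DIGITS for c in pw):
        problems.append("digit")
    if not any(c in UPPER for c in pw):
        problems.append("uppercase")
    if not any(c in LOWER for c in pw):
        problems.append("lowercase")
    if any(c not in ALLOWED for c in pw):
        problems.append("charset")
    return problems

def compliant_count(n):
    """Count length-n strings over ALLOWED containing at least one digit,
    one uppercase and one lowercase letter (inclusion-exclusion)."""
    a, d, u, l = len(ALLOWED), len(DIGITS), len(UPPER), len(LOWER)
    return (a**n
            - (a - d)**n - (a - u)**n - (a - l)**n
            + (a - d - u)**n + (a - d - l)**n + (a - u - l)**n
            - (a - d - u - l)**n)

def policy_bits():
    """log2 of the number of passwords the quoted policy accepts."""
    return math.log2(sum(compliant_count(n) for n in range(MIN_LEN, MAX_LEN + 1)))

def pin_bits(digits=4):
    """log2 of the number of possible numeric PINs of the given length."""
    return math.log2(10 ** digits)

if __name__ == "__main__":
    # Both strings are the ones quoted in the thread (posts #10 and #13).
    for pw in ("Qwerty1234", "ialwaysflywithklmbecausetheyreblue"):
        print(pw, "->", policy_violations(pw) or "accepted")
    print(f"4-digit PIN: {pin_bits():.1f} bits; policy: {policy_bits():.1f} bits")
```

The bit counts are upper bounds that assume every allowed password is equally likely; a human-chosen string such as Qwerty1234 passes the rules while sitting far below that bound.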
Old Feb 8, 2018, 8:17 am
  #14  
 
Join Date: Mar 2016
Location: CPT,AMS
Posts: 4,409
Originally Posted by Kaasschaaf
And to people who ask for two factor authentication: if you need that, your passwords are probably bad. Use a long password and a different password for every account you create. And if possible, even a different email address per account.
And then storing all of them in the same software/app is not making it any more secure.
2FA is by definition more secure, and comes to address cases where someone got hold of your passwords, not necessarily by brute-forcing them.
Ditto is offline  
Old Feb 8, 2018, 8:46 pm
  #15  
 
Join Date: Jun 2005
Location: 🇸🇬 🇭🇰 🇫🇷
Programs: Many
Posts: 4,749
Originally Posted by mfkne
Ah, I see that PayPal does indeed support 2FA, but they're using SMS, which isn't always practical. An authenticator app would be more useful, at least to me.
+1

For people travelling and switching between various phone numbers it is painful to change sim cards just to get 2FA on the right phone.

It is not like KL day to day business was to deal with travellers after all
bodory is offline  
