Maximise your Avios, air miles and hotel points

Forums Frequent flyer programs British Airways Executive Club BA 2FA – BA IT “business as usual”…..

  • Ihar 194 posts

    Well I got it working eventually. The 2FA via “email code” that seems to be set up by default didn’t work for me – “Bad request”. Neither did the “Set up 2FA link” via my email “in email browser” (still Chrome) – same result. But copying/pasting the link into a normal browser tab worked, and easy enough to set up with Google Authenticator.

    Praise the Lord! Welcome to 1997. 😉

    <soapbox>
    (On a technical note, the “2FA recovery key” completely (IMHO) defeats the purpose of 2FA. You can use it to login as an alternative to your 2FA. Like a second password. That people can’t remember so need to store somewhere. Probably in cleartext on whatever device they are using. So now you can login with TWO things you know, which is NOT 2FA) </soapbox>

    mada11ad 3 posts

    I had the same issue! on a different note, on my last BA flight back in March I did not receive the pre departure/check-in email and only received it yesterday almost four weeks after the flight! The gift that keeps on giving lol

    memesweeper 1,299 posts

    On a technical note, the “2FA recovery key” completely (IMHO) defeats the purpose of 2FA.

    It’s not quite as bad as that, although it is not ideal. Having said that, SMS is also pretty weak as a second factor for high-value accounts. Most people still have unlocked physical SIMs and notifications with summaries on, and as a result many organisations are moving away from SMS.

    This is a considered piece on the relative strengths and weakness of various additional login steps, from people who understand, have no axe to grind and no product to sell: https://www.ncsc.gov.uk/blog-post/what-if-a-service-changes-your-2-step-verification-options

    Ihar 194 posts

    Your link is for 2SV, not 2FA. SMS is still a good option as it is the “something you have” (phone). Of course the best solution is to get a password manager (I use Lastpass) and store all your randomised passwords (I have 500) in a secure vault. Shared passwords and phishing is probably the biggest issue.

    If you don’t want you money/Avios, use a weak password or one you use elsewhere. I have no idea what my BA password is. But according to my password vault it is dEss8U3MvfGCmGD . NOTE: I have changed/added/deleted one character. Good luck hacking that!

  • You must be logged in to reply to this topic.

The UK's biggest frequent flyer website uses cookies, which you can block via your browser settings. Continuing implies your consent to this policy. Our privacy policy is here.