
About time: Singapore Airlines is improving KrisFlyer account security

KrisFlyer is introducing alphanumeric passwords from 24 September 2019, which will make your account a lot tougher to crack.

I'm not what you might call a security expert, but even I know that using a six-digit PIN for account security is woefully inadequate.

The gold standard for passwords is an alphanumeric combination featuring upper/lowercase and special characters. That's what Asia Miles requires, and according to audit site howsecureismypassword, such a password would take more than 200 million years to brute force.

KrisFlyer's six-digit PINs, on the other hand, would be cracked in 25 microseconds. Clearly, something is wrong with this picture.

We've already seen how this system is a breach waiting to happen. Back in April 2018, a KrisFlyer member lost 76,000 miles when hackers emptied her account redeeming one-way economy class tickets on Lufthansa (that's the real crime here) from Frankfurt to Saint Petersburg.

The member was eventually made whole by KrisFlyer, but the incident highlighted a glaring flaw in account security. As if a six-digit PIN wasn't bad enough, there was no OTP mechanism in place for high-risk transactions like adding or changing redemption nominees. Once an intruder got into your account, he/she could have a field day without so much as a peep from the system.

To Singapore Airlines' credit, they responded by adding OTPs in June 2018. You're now asked to provide an OTP when carrying out certain transactions, which can be received either on your phone or via email.

However, we've still been stuck with the issue of six-digit PINs.

KrisFlyer will replace PINs with passwords

Well, there's some good news on this front.

From 24 September 2019, KrisFlyer will be replacing six-digit PINs with password logins. You'll be prompted to change your PIN to a password when you log in on or after this date.

Your new password must contain 8 to 16 alphanumeric characters and include a combination of:

  • Numbers (0-9),
  • Uppercase and lowercase letters (A-Z and a-z), and
  • Special characters (!@#$%^&*())

And that, quite frankly, is exactly how it should be.
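To put numbers on the gap between the old six-digit PIN and the new policy, here is an added example (not from the original article or from Singapore Airlines). It assumes all four character classes are required, that upper and lower case count as separate classes, and that only the special characters listed above are allowed; the function names are illustrative.

```python
import math
import string

# Character classes taken from the policy list above (assumption: each one is mandatory).
CLASSES = {
    "digit": set(string.digits),
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "special": set("!@#$%^&*()"),
}
MIN_LEN, MAX_LEN = 8, 16


def policy_violations(password):
    """Return the policy rules a candidate password fails (empty list = compliant)."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length")
    allowed = set().union(*CLASSES.values())
    if any(ch not in allowed for ch in password):
        problems.append("charset")
    for name, chars in CLASSES.items():
        if not any(ch in chars for ch in password):
            problems.append(name)
    return problems


def compliant_count(length):
    """Count strings of this length with at least one character from every class,
    using inclusion-exclusion over the classes that are left out."""
    sizes = [len(chars) for chars in CLASSES.values()]
    total = sum(sizes)
    count = 0
    for mask in range(1 << len(sizes)):
        excluded = sum(s for i, s in enumerate(sizes) if (mask >> i) & 1)
        sign = -1 if bin(mask).count("1") % 2 else 1
        count += sign * (total - excluded) ** length
    return count


def keyspace_bits():
    """Return (PIN bits, password bits): log2 of each search space."""
    pin_space = 10 ** 6
    password_space = sum(compliant_count(n) for n in range(MIN_LEN, MAX_LEN + 1))
    return math.log2(pin_space), math.log2(password_space)
```

The mandatory-class rule removes only a small fraction of the space; length does most of the work, and the figures only hold for passwords chosen at random.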

Don't wipe your current PIN from your memory banks though: it'll still be used for verification purposes when calling up KrisFlyer membership services.

In addition to this, you'll also be able to log in with your email address instead of your KrisFlyer number if you prefer. More FAQs about these changes can be found here.

Conclusion

It's good to see KrisFlyer adopt these changes, because there's simply no reason why frequent flyer accounts shouldn't be secured with more robust security measures.

Remember: miles are as good as money, so there'll always be ne'er-do-wells looking to pilfer them. Protect your frequent flyer account the same way you would your bank account, and change your PIN to a password as soon as you can.

Aaron Wong
Aaron founded The Milelion to help people travel better for less and impress chiobu. He was 50% successful.


Comments

Dizzy

Wrote in last year to ask them to do this, to which they replied that they believe the current 6 digit PIN is sufficient. Shameful reply but oh well better late than never…

Jon

How will the hotline authenticate you from now? It used to be KF number + the 6-digit PIN.

JL

Don't wipe your current PIN from your memory banks though- it'll still be used for verification purposes when calling up KrisFlyer membership services

Lady G

Tried an early reset using the link SQ gave but it just made me reset the same 6 digit pin. Haiz.
