About time: Singapore Airlines is improving KrisFlyer account security

KrisFlyer is introducing alphanumeric passwords from 24 September 2019, which will make your account a lot tougher to crack.

I’m not what you might call a security expert, but even I know that using a six-digit PIN for account security is woefully inadequate.

The gold standard for passwords is an alphanumeric combination featuring upper/lowercase and special characters. That’s what Asia Miles requires, and according to audit site howsecureismypassword, such a password would take more than 200 million years to brute force.

KrisFlyer’s six-digit PINs, on the other hand, would be cracked in 25 microseconds. Clearly, something is wrong with this picture.

We’ve already seen how this system is a breach waiting to happen.  Back in April 2018, a KrisFlyer member lost 76,000 miles when hackers emptied her account redeeming one-way economy class tickets on Lufthansa (that’s the real crime here) from Frankfurt to Saint Petersburg.

The member was eventually made whole by KrisFlyer, but the incident highlighted a glaring flaw in account security. As if a six-digit PIN wasn’t bad enough, there was no OTP mechanism in place for high-risk transactions like adding or changing redemption nominees. Once an intruder got into your account, he/she could have a field day without so much as a peep from the system.

To Singapore Airlines’ credit, they responded by adding OTPs in June 2018. You’re now asked to provide an OTP when carrying out certain transactions, which can be received either on your phone or via email. 

However, we’ve still been stuck with the issue of six-digit PINs.

KrisFlyer will replace PINs with passwords

Well, there’s some good news on this front.

From 24 September 2019, KrisFlyer will be replacing six-digit PINs with password logins. You’ll be prompted to change your PIN to a password when you log in on or after this date.

Your new password must contain 8 to 16 alphanumeric characters and include a combination of:

  • Numbers (0-9),
  • Uppercase and lowercase letters (A-Z and a-z), and
  • Special characters (!@#$%^&*())

And that, quite frankly, is exactly how it should be.
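
To put the two schemes side by side, here is an added example (not from KrisFlyer or the original post) that checks a candidate against the rules listed above and counts how many compliant passwords exist, compared with the 1,000,000 possible six-digit PINs. It assumes every character class is required at least once and that the special set is `!@#$%^&*()`; the sample passwords are constructed.

```python
import math
import string
from itertools import combinations

# Character classes from the policy listed above. The special set is an
# assumption (keyboard number-row symbols); swap in the real allow-list.
CLASSES = {
    "digit": string.digits,
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "special": "!@#$%^&*()",
}
ALPHABET = "".join(CLASSES.values())
MIN_LEN, MAX_LEN = 8, 16
PIN_KEYSPACE = 10 ** 6  # six-digit PIN: 000000..999999


def policy_violations(password):
    """Return the reasons a password fails the policy (empty list = OK)."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length")
    if any(ch not in ALPHABET for ch in password):
        problems.append("disallowed character")
    for name, chars in CLASSES.items():
        if not any(ch in chars for ch in password):
            problems.append("missing " + name)
    return problems


def compliant_count(length):
    """Count strings of this length that contain every class (inclusion-exclusion)."""
    sizes = [len(chars) for chars in CLASSES.values()]
    total = 0
    for k in range(len(sizes) + 1):
        for excluded in combinations(sizes, k):
            total += (-1) ** k * (len(ALPHABET) - sum(excluded)) ** length
    return total


def policy_keyspace():
    """All compliant passwords across the allowed lengths."""
    return sum(compliant_count(n) for n in range(MIN_LEN, MAX_LEN + 1))


if __name__ == "__main__":
    print("PIN bits:     ", round(math.log2(PIN_KEYSPACE), 1))
    print("password bits:", round(math.log2(policy_keyspace()), 1))
    print(policy_violations("123456"), policy_violations("Kr1sFly3r!x"))
```

The keyspace figure is an upper bound on guessing effort: it only holds for passwords chosen at random, not for a dictionary word with a digit and a symbol appended.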

Don’t wipe your current PIN from your memory banks though: it’ll still be used for verification purposes when calling up KrisFlyer membership services.

In addition to this, you’ll also be able to log in with your email address instead of your KrisFlyer number if you prefer. More FAQs about these changes can be found here.

Conclusion

It’s good to see KrisFlyer adopt these changes, because there’s simply no reason why frequent flyer accounts shouldn’t be secured with more robust security measures.

Remember: miles are as good as money, so there’ll always be ne’er-do-wells looking to pilfer them. Protect your frequent flyer account the same way you would your bank account, and change your PIN to a password as soon as you can.


Dizzy

Wrote in last year to ask them to do this, to which they replied that they believe the current 6 digit PIN is sufficient. Shameful reply but oh well better late than never…

Jon

How will the hotline authenticate you from now? It used to be KF number + the 6-digit PIN.

JL

Don’t wipe your current PIN from your memory banks though- it’ll still be used for verification purposes when calling up KrisFlyer membership services

Lady G

Tried an early reset using the link SQ gave but it just made me reset the same 6 digit pin. Haiz.