Finnair reminded loyalty-programme members on 26 October that two-factor authentication (2FA) is now mandatory for online account access. Members who enabled 2FA by midnight were entered into a draw for 10 000 Avios.
The airline says the change is driven by increasing cyber-fraud attempts targeting stored payment cards and unused upgrade vouchers. For global mobility teams, secure access is crucial because many expatriates manage company-paid lounge subscriptions and excess-baggage allowances via their Finnair Plus profile.
Travel-management companies reported few issues, although some corporate users relying on shared generic log-ins had to create individual accounts. Finnair’s move follows similar mandates by Lufthansa and British Airways and aligns with EU PSD2 strong-customer-authentication rules. Mobile-app users can choose between an authenticator app or one-time codes emailed to the address on file.
The carrier said fewer than 3 % of profiles remained unsecured by the cut-off and those accounts will require manual reset before use.
The airline says the change is driven by increasing cyber-fraud attempts targeting stored payment cards and unused upgrade vouchers. For global mobility teams, secure access is crucial because many expatriates manage company-paid lounge subscriptions and excess-baggage allowances via their Finnair Plus profile.
Travel-management companies reported few issues, although some corporate users relying on shared generic log-ins had to create individual accounts. Finnair’s move follows similar mandates by Lufthansa and British Airways and aligns with EU PSD2 strong-customer-authentication rules. Mobile-app users can choose between an authenticator app or one-time codes emailed to the address on file.
The carrier said fewer than 3 % of profiles remained unsecured by the cut-off and those accounts will require manual reset before use.
