Amtrak Multi-Factor Authentication Issues

Advertise with us
Shop deals on ebay
shop deals on amazon
Amtrak Unlimited Discussion Forum

Help Support Amtrak Unlimited Discussion Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
D

diesteldorf

Lead Service Attendant
Joined
Mar 27, 2006
Messages
366
Sometimes, it'll take awhile to get ticket confirmations via email. However, I have noticed the same thing with Multi-Factor Authentication. If you have this security feature setup, you are essentially locked out of your account until you receive the email.

Has anyone else experienced this?

Hopefully, Amtrak can eventually allow a text to a phone number or utilize Google or Microsoft Authenticator.
 
I normally use 2FA for everything but turned it off for Amtrak. Their system doesn’t remember the machines you use normally so it’s just too annoying and slow to use every time I need to login.
 
One of the biggest problems with 2FA is using the cell phone for receiving those texts.

You can mislay your phone and if not properly locked...

My phone shows part of the incoming message on the home screen and for some sites, that's all that is needed for someone who happens to have the phone you didn't realize you don't have with you.
 
me_little_me said:
One of the biggest problems with 2FA is using the cell phone for receiving those texts.

You can mislay your phone and if not properly locked...

My phone shows part of the incoming message on the home screen and for some sites, that's all that is needed for someone who happens to have the phone you didn't realize you don't have with you.
Click to expand...
I thought Amtrak.com sends the second factor code only by email. What does a phone have to do with anything?

Usually most 2FA systems provide a means other than SMS to receive the second factor token if one so desires.
 
jis said:
I thought Amtrak.com sends the second factor code only by email. What does a phone have to do with anything?

Usually most 2FA systems provide a means other than SMS to receive the second factor token if one so desires.
Click to expand...

Yeah, the far bigger issue with SMS-based 2FA is a SIM swap attack where someone gets a SIM card with your phone number (typically in person from a carrier store) and intercepts the texts that way. If someone has physical access to my device, I figure it's basically "game over," at least until I'm able to remotely wipe the device.
 
jebr said:
Yeah, the far bigger issue with SMS-based 2FA is a SIM swap attack where someone gets a SIM card with your phone number (typically in person from a carrier store) and intercepts the texts that way. If someone has physical access to my device, I figure it's basically "game over," at least until I'm able to remotely wipe the device.
Click to expand...
In addition to grabbing the text with the second factor token, they also need to have access to the first factor. Unless on is remarkably careless, that should be easy to make very hard to get.

Of course if one manages to be careless enough to often lose ones device, then the game is pretty much over from the getgo I suppose.
 
Is there a way to turn off the email verification code request on the Amtrak site? Mine is set to “off” and it still forces me to request a verification code, but it takes forever to come through. And the other issue is when I do finally get the code and enter it, I just get the “loading” icon with a moving train, but the site never opens. Just sits there saying loading.
 
DaddioRailman said:
Is there a way to turn off the email verification code request on the Amtrak site? Mine is set to “off” and it still forces me to request a verification code, but it takes forever to come through. And the other issue is when I do finally get the code and enter it, I just get the “loading” icon with a moving train, but the site never opens. Just sits there saying loading.
Click to expand...
Are you using a VPN? I found many sites don't work right through my VPN and I then get never-ending Captchas, twirling verifications and other such nonsense.
 
me_little_me said:
Are you using a VPN? I found many sites don't work right through my VPN and I then get never-ending Captchas, twirling verifications and other such nonsense.
Click to expand...
Amtrak MFA works through a VPN for me, but the interface is always buggy, probably because of Amtrak's IT department and how old Arrow is.

I strongly, strongly, urge those who care about their identity and would prefer not to get hacked, to set up a password manager. My personal favorite is Bitwarden. Changed my life as well as those of clients, family, and friends and it can change yours too. Free unless you want premium features which are cheap, and it's open source.
 

Latest posts

Back
Top