Amtrak website now requires 'multi-factor authentication' for 'some' members - 'why me?'

Amtrak Unlimited Discussion Forum

Help Support Amtrak Unlimited Discussion Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
Joined
Jan 26, 2020
Messages
2,260
Location
Oregon Coast
When signing in to Amtrak Guest Rewards a code number is sent to my email address which must be used... an extra security step. Unable to sign in on the Iphone. There is an option to disable in the profile section. But it is already disabled for me. So I tried enabling... then signed in with required code [new code required for each sign-in.] Then clicked on 'disable.' That didn't work and code is still required.

Called Amtrak and said that certain customers cannot disable this requirement. She said it might be for those who have the rewards card... but said that no one would be able to help me and the IT department cannot accept any calls... and no way to reach them.

Does anyone on the forum have this issue? If you do... do you have the AGR card? If you don't and still have the AGR card it would be helpful to know as well. Collectively there's a lot of wisdom and experience on this forum. Any information is much appreciated!
 
I just signed into my AGR account on my laptop and it did not require 2 step authentication. I do have the AGR credit card. I am also Select Executive (if that makes a difference).
Thank you... that let's me know there's definitely a glitch in their system. I called AGR and they said they were referring it to someone 'who may be able to help.' Frustrating! Wondering if anyone else has this going on?
 
I had to go through the 2 step authentication this morning, both my account and my wife's.
Emailed Amtrak asking (suggesting) they give a choice - email or text.
Other websites I use allow this option. One even allows a voice call to a regular phone.
 
Maybe 2 years ago, there was an AGR 'problem' for some folks but not others. My memory is 'out to lunch' on what the problem was. It may have been the same problem as the OP is experiencing.

However, I DO remember the fix. The problem was due to someone being coded/listed as 'senior' rather than 'adult' in their personal info. I was one of those victims. I changed my status to 'adult', saved the profile changes, and viola! The problem was gone! I changed it back to 'senior' at some point later.

For what it's worth, I booked a couple of Acela first class trips in recent weeks and it gave me a message that a higher price had been applied due to my discount. I changed myself to 'adult' for the booking and saved about $15 for each Acela round trip. Go figure. Why Acela FC? With double TQPs this year and 50% bonus for Acela FC, it's a super way to get AGR status without spending a fortune! The microwaved food isn't so bad with the improved menu, either!
 
Last edited:
Tried your idea and listed myself as an 'adult' ... but your idea no longer works. Now when I sign in, the Account verification requirement pops on the screen directly without the chance to even place in my my regular password. Apparently I have been specially sanctioned and I expect that eventually my account will be deleted. I really hope this doesn't happen to anyone else.
 
I have the AGR card, entered as my primary payment method and am listed as a senior.

Two factor authentication is disabled and I have never enabled it.

I just checked my account and can access it without problems.
Thank you for all the help and support. The account verification code has now been disabled... but the screen says I can no longer access my account. Something is really wrong... I hope my reservations are still in place as I paid a lot of money for them. Amtrak reservations is no help because they say that 'there is no problem and everything should work.'

If I can be booted out of the program due to a tech glitch... then it can happen to others. Very concerning.
 
There was an announcement on the site back in July to change your password to avoid 2 factor. I changed mine as soon as I saw the notice, never had to 2 factor.
Likely the people getting caught up in 2 factor are people that haven't changed passwords in who knows how long, and thus present a major hack risk, as that password is likely reused across multiple websites.
 
I have the AGR card, and I'm not listed as a senior. Two factor authentication is disabled and I have never enabled it. I also haven't changed my password in forever. I just logged in without a code, no problem. But I am about to change my password (hope it doesn't mess anything up).
 
Multi-factor authentication along with strong, random passwords is absolutely paramount. Amtrak's IT department just bungled it like they always do.
That's for sure... I took every bit of advice from others on this strand... only to be disappointed again and again. Amtrak has been unhelpful to boot! It's a glitch and a real pain... technology abuse brings stressful complexity to the most basic tasks... goes well with those flex meals!
vtg-1981-black-rotary-dial-western_1_5c2abaa0b12adc59dab53fd35a00fe23.jpg
 
Multi-factor's is simply a recent fad; it adds some very large new security holes. But I suppose since most people don't practice even basic password security measures, it's done because of that. For such people whose passwords were not secure in the first place, it amounts to one-factor authentication. :sigh:
 
Multi-factor's is simply a recent fad; it adds some very large new security holes. But I suppose since most people don't practice even basic password security measures, it's done because of that. For such people whose passwords were not secure in the first place, it amounts to one-factor authentication. :sigh:
Real multi-factor involves a true authentication method like time-based or backup codes, not easily-compromised methods like email or SMS. Then, insecure passwords are less of an issue.
 
For the past couple of days I have been unable to log into my AGR account on either my laptop or cell. On the laptop, the site asks for my member number and password, which I type in. Then it brings up a message saying an additional verification code will be sent to my email and provides a space for me to type in this code. But no code ever arrives in my email. When I click on "send verification code again," still no code arrives.

So I called Guest Rewards this morning and asked what gives. The agent said that, because my email address is connected with a business (albeit a small business that I own), it's triggering some sort of security measure and AGR will no longer let me in. She suggested I set up a new personal email account with gmail or another provider, then call to change the email address of record on my Guest Rewards account.

As I don't see the point of having a separate email box just to deal with Amtrak Guest Rewards, my solution for now is to just call the AGR toll-free line for all transactions and inquiries, even stuff I could have done more easily online.

Interestingly, they will still send tickets to the same email address I've been using all along.
 
Well, while I am not making excuses for Amtrak's woebegone IT department, it would be easy enough to open a free email account for AGR. Then have it auto forward to your main email account.

I had to do something similar with my main banking account when my primary email account briefly closed because it exceeded the allowed space and a bank email bounced. I never could get the bank to again accept that reopened email account after it bounced one of their emails. So I gave them another account that is set up to forward their email to my main account. So I get my bank's email again in my main account without problem. Sometimes you just have to roll with a situation, even if it is stupid.

You can also set the account up to only forward Amtrak and AGR email and trash any spam that finds its way into it.
 
Last edited:
Well, while I am not making excuses for Amtrak's woebegone IT department, it would be easy enough to open a free email account for AGR. Then have it auto forward to your main email account.

I had to do something similar with my main banking account when my primary email account briefly closed because it exceeded the allowed space and a bank email bounced. I never could get the bank to again accept that reopened email account after it bounced one of their emails. So I gave them another account that is set up to forward their email to my main account. So I get my bank's email again in my main account without problem. Sometimes you just have to roll with a situation, even if it is stupid.

You can also set the account up to only forward Amtrak and AGR email and trash any spam that finds its way into it.
I had to do this years ago when I wasn’t getting AGR promotions to my ancient email account.
 
How do you set things to "auto forward" to a different email account? Keep it simple for me folks! :D
The details would depend on the setup in the system you are trying to auto-forward from. So there is no one set answer to that one. ;)
 
Most intelligent email systems have the ability to set up email aliases in that you create alternate name(s) for emails. This is different from forwarding in that there are basically multiple names for the same email and so they get automatically dumped into that same mailbox. I use them by the dozens so that different groups of sites i.e businesses, trusted businesses, friends, non-profits, medical, financial, specific high usage sites, etc, etc. They are easy to set up and some, for example, are throw-away e.g. xxxtemp001 (with xxx being my basename) when I unexpectedly are asked for an email from a specific untrusted site and wish to then throw it away if I get spammed.

In addition for easy forwarding, there is a wonderful add-on for Firefox and, I believe Chrome, that will fill in randomly generated email addresses (or you can create your own) at sites. You have to set it up in advance to forward all the generated ones to a single email (in my case, I use an alias). When you get the forwarded message, it has a section added that tells you how to block that email address if you wish. When you reply, the reply goes to the add-on company which strips off your real address and makes the message look like you are replying from the email to which the original email was sent. The stripped reply is then sent back to the sender. The add-on is called Blur and the company is Abine. The add-on is free and they have been in the privacy business for lots of years. To use it when you are confronted with a request to fill in your email, you just right-click the mouse in the email box, select "Blur" and then select "Mask my email". It automatically puts in a random email for you.

For Amtrak, I consider them to be a trusted business and use the trusted business alias. It's easy.
 
I've tried absolutely everything... changed my password, status as senior to regular, etc. Went to the cache place and messed up all sorts of stuff on this macbook air and took several hours to undo all the damage from that. I did reach someone at Amtrak several days ago who promised they'd get it to the 'right experts' to finally fix the problem. No luck. Same problem on Safari browser as on Chrome. Ok, so I just have to accept this but IMHO Amtrak management gets no respect from me.
 
I am a bit puzzled by this since it looks like I can at will either turn on two factor authentication or turn it off by toggling the "Enable/Disable" toggle in my profile. Does that not work for everyone? It appears to work in all the browsers I use (Firefox, Safari, Chrome). Very puzzling.
 
Back
Top