2 Factor Authentication

[zavandor]

Disney IT certainly deserves the reputation they have.

 

[Gr8scott]

It makes me wonder how much of my personal information was leaked……this time…as zero details were given in the email.

 

[Sandisw]

It makes me wonder how much of my personal information was leaked……this time…as zero details were given in the email.

The only way for one to have gotten in is with a verified number or email as part of your account that matched with MDE.

So, the only way for someone to have those would have been to hack into that system first and change the number or email.

I doubt there was any level of breach since there was still one layer, which is what we are back to

 

[KAT4DISNEY]

It makes me wonder how much of my personal information was leaked……this time…as zero details were given in the email.

Much of your personal info that is available on the DVC site is also recorded with Orange County and anyone can search there.
I don't think this was a breach. Just a failure in something new that is probably unnecessary anyway - at least for DVC since we're out in the open via public records.

 

[nightwing12]

Disney IT certainly deserves the reputation they have.

unbelievable their fix for the no password needed is to roll back 2FA.. id love to meet the person in charge of their tech because they are really bottom of the barrel. there are so many out of the box auth tools they could use, instead they roll their own that doesnt work..

 

[CarolynFH]

It makes me wonder how much of my personal information was leaked……this time…as zero details were given in the email.

There was no breach. Their 2FA process didn't work, so they went back to password as before.

 

[Gr8scott]

“During this transition, we learned that one aspect of the process was not working the way we originally intended. Therefore, we have made the decision to revert to the previous login process, and plan to implement additional enhancements in the coming months.”

My point is they don’t give us any real info and only tell us one aspect of the process was not working. What aspect was it? Wasn’t the point of this change to make our accounts more secure?

Pardon my skepticism but after receiving multiple communications in the past regarding my CC “may have been compromised” while staying at DVC properties, along with subsequent multiple identity theft issues I get concerned with vague communications like this.

 

[wdw4rfam]

All I know is I’m glad it’s gone. My son and I were logging in probably 20-30 times a day at least while stalking for the last night we needed. When they switched to this he couldn’t check anymore while I was at work because I had my phone. They lifted this and within one day we got that night by stalking again. Caught it before the waitlist.

 

[CarolynFH]

“During this transition, we learned that one aspect of the process was not working the way we originally intended. Therefore, we have made the decision to revert to the previous login process, and plan to implement additional enhancements in the coming months.”

My point is they don’t give us any real info and only tell us one aspect of the process was not working. What aspect was it? Wasn’t the point of this change to make our accounts more secure?

Pardon my skepticism but after receiving multiple communications in the past regarding my CC “may have been compromised” while staying at DVC properties, along with subsequent multiple identity theft issues I get concerned with vague communications like this.

People didn’t have to enter their passwords - they could enter a single letter or number and receive the text or email with the code. So instead of 2 factor authentication (password plus code), it was 1 factor authentication (code only). IOW, not working as they wanted it to.