• The TUGBBS forums are completely free and open to the public and exist as the absolute best place for owners to get help and advice about their timeshares for more than 30 years!

    Join Tens of Thousands of other Owners just like you here to get any and all Timeshare questions answered 24 hours a day!
  • TUG started 31 years ago in October 1993 as a group of regular Timeshare owners just like you!

    Read about our 30th anniversary: Happy 31st Birthday TUG!
  • TUG has a YouTube Channel to produce weekly short informative videos on popular Timeshare topics!

    Free memberships for every 50 subscribers!

    Visit TUG on Youtube!
  • TUG has now saved timeshare owners more than $23,000,000 dollars just by finding us in time to rescind a new Timeshare purchase! A truly incredible milestone!

    Read more here: TUG saves owners more than $23 Million dollars
  • Sign up to get the TUG Newsletter for free!

    Tens of thousands of subscribing owners! A weekly recap of the best Timeshare resort reviews and the most popular topics discussed by owners!
  • Our official "end my sales presentation early" T-shirts are available again! Also come with the option for a free membership extension with purchase to offset the cost!

    All T-shirt options here!
  • A few of the most common links here on the forums for newbies and guests!

Should Vistana.com have 2 Factor Authentication?

DannyTS

TUG Member
Joined
Mar 24, 2018
Messages
5,753
Reaction score
3,076
I know, I am probably paranoid about this but I sometimes fear that if I am ever hacked somebody can cancel my reservations and can create a nightmare scenario especially when the plane tickets are bought and family members are invited to travel with us. How do you feel about this?
 

sjsharkie

TUG Member
Joined
Dec 26, 2012
Messages
2,324
Reaction score
441
I know, I am probably paranoid about this but I sometimes fear that if I am ever hacked somebody can cancel my reservations and can create a nightmare scenario especially when the plane tickets are bought and family members are invited to travel with us. How do you feel about this?
I work in information security.

The answer is yes, as account takeovers continue to rise across the industry, fueled by mass credential breaches that have occurred over the last few years.

But two factor costs money. Think about every SMS that has to be sent, etc. Given the cost cutting going on with the call center wait times, and the fact that MVCI does not use two factor for their login, I don't see it happening soon.

Best thing you can do is use a password vault like LastPass (which is what I use) and have a strong master vault password. My Vistana password is over 15 random characters long and would be costly for a hacker to brute force.

Ryan

Sent from my SM-G965U using Tapatalk
 

controller1

TUG Member
Joined
Aug 14, 2017
Messages
3,044
Reaction score
1,943
Location
Tulsa
Resorts Owned
Westin KORVN OF
Westin Nanea OF
Westin FLEX
I work in information security.

The answer is yes, as account takeovers continue to rise across the industry, fueled by mass credential breaches that have occurred over the last few years.

But two factor costs money. Think about every SMS that has to be sent, etc. Given the cost cutting going on with the call center wait times, and the fact that MVCI does not use two factor for their login, I don't see it happening soon.

Best thing you can do is use a password vault like LastPass (which is what I use) and have a strong master vault password. My Vistana password is over 15 random characters long and would be costly for a hacker to brute force.

Ryan

Sent from my SM-G965U using Tapatalk

Agree.

Everyone should use a password vault and never use the same password on multiple sites. My Vistana password is 20 random characters and by using a password vault I don't have to remember any of my passwords other than that of the vault itself.
 

DannyTS

TUG Member
Joined
Mar 24, 2018
Messages
5,753
Reaction score
3,076
I work in information security.

The answer is yes, as account takeovers continue to rise across the industry, fueled by mass credential breaches that have occurred over the last few years.

But two factor costs money. Think about every SMS that has to be sent, etc. Given the cost cutting going on with the call center wait times, and the fact that MVCI does not use two factor for their login, I don't see it happening soon.

Best thing you can do is use a password vault like LastPass (which is what I use) and have a strong master vault password. My Vistana password is over 15 random characters long and would be costly for a hacker to brute force.

Ryan

Sent from my SM-G965U using Tapatalk
How is Google password manager that is integrated to Chrome in terms of safety?
 

okwiater

TUG Member
Joined
Mar 9, 2010
Messages
1,714
Reaction score
276
Resorts Owned
WKV 2B Plat+ (x2)
WSJ 3B Plat+ (VGV/BV)
WLR 2B Plat+ Oceanside
SMV 2B Plat+
Sheraton Flex (x2)
I’m actually more worried about the lack of security when calling Vistana by phone. All someone needs to wreak havoc on my reservations is my name and address, which are part of every rental agreement I have ever sent out. And yes, I am aware I could try to obscure them, but a quick public records search would defeat that as well. The lack of any meaningful safeguards is really unconscionable.
 

PamMo

TUG Review Crew: Veteran
TUG Member
Joined
Jul 17, 2006
Messages
5,369
Reaction score
3,267
Location
NV
I’m actually more worried about the lack of security when calling Vistana by phone. All someone needs to wreak havoc on my reservations is my name and address, which are part of every rental agreement I have ever sent out. And yes, I am aware I could try to obscure them, but a quick public records search would defeat that as well. The lack of any meaningful safeguards is really unconscionable.

Absolutely agree with this. When calling in, half the time I'm asked, "Is your email still XXXXXX and ...."
 

jabberwocky

TUG Review Crew
TUG Member
Joined
Apr 30, 2016
Messages
2,829
Reaction score
2,594
Resorts Owned
SVR, SDO, WKORV-N, Westin Flex, HGVC (BLVD)
I'm for two-factor authentication, but I don't think it should be via SMS. I regularly swap out SIM cards when traveling overseas and would not want to be locked out of my account because of this. There have also been reports of cell phone numbers being taken over by scammers who then use the SMS feature, so this is a false sense of security.

For example, I was traveling in the US last year and knew I had a Capital One credit card payment coming up. I went to log into the Capital One website. Capital One detected there was a change in IP address (even though it was the same laptop) and would not let me in without a text message (which was not possible since I had my US SIM card with me). I managed to end up calling in and finding out the balance to be paid, but it was a huge pain and a waste of time.

In contrast my brokerage account uses 2FA but it is tied to an app on my phone which uses the device MAC address. When I log in on the computer a message pops up on the phone asking for my password and facial recognition (iPhone 11). Once that is provided the website automatically logs in.
 

DannyTS

TUG Member
Joined
Mar 24, 2018
Messages
5,753
Reaction score
3,076
I’m actually more worried about the lack of security when calling Vistana by phone. All someone needs to wreak havoc on my reservations is my name and address, which are part of every rental agreement I have ever sent out. And yes, I am aware I could try to obscure them, but a quick public records search would defeat that as well. The lack of any meaningful safeguards is really unconscionable.
I absolutely agree with you and that should be addressed as well. About a year ago, as someone suggested on TUG, I called Vistana to add a key word to my account and they said they would ask about it every time I would call. Not only they did not ask me the key word when I called them again but the key word and the question appeared on my annual bills, all of them, a clear failure of what that key word was supposed to do.
 

bogey21

TUG Member
Joined
Jun 8, 2005
Messages
9,455
Reaction score
4,664
Location
Fort Worth, Texas
It is fine unless you are like me and have text messaging blocked on your primary cell phone. I tolerate the ones where I have to answer stupid questions like where did I get married of my Mother's middle name...

George
 

sjsharkie

TUG Member
Joined
Dec 26, 2012
Messages
2,324
Reaction score
441
How is Google password manager that is integrated to Chrome in terms of safety?
Safety-wise, I would trust Google -- their security is top notch.

However, not sure Google password manager is available on every platform. So, if you are not using Chrome or Android platforms, you may be out of luck in having easy fill-in access to your vault because the plug-ins for say Safari might not be available. (Of course you can always manually access your vault and cut/paste -- but that is not the most friction-free solution.)

-ryan
 
Top