London’s TfL have emailed all its customers to inform them that in early 2023, it’ll be making Multi-Factor Authentication (MFA) a mandatory requirement for its online accounts used for TfL Oyster and contactless. The accounts are used to manage the contactless cards on file and then subsequently view the journeys made, the tap-in and tap-out times and how much that journey cost too.
Starting in early 2023, TfL will be making Multi-Factor Authentication (MFA) a mandatory requirement for its online accounts, this is to make the accounts more secure. TfL looks to be planning on using mobile phone numbers, with an SMS code sent to your device. They could have made this much better by using Time-based one-time password (TOTP), as this is more secure but it is at least making this a requirement, as many users don’t bother enabling any form of MFA.
“As you do today, you will sign in to your TfL Oyster and contactless accounts using your existing email address and password. Following the update, you will be required to set up MFA by providing your mobile number. As part of the update, we have also redesigned some of our website so some screens will look a bit different.”
Like all 2FA/MFA systems, when signing in the TfL website will ask you for that six digit code to verify who you are and TfL is not planning on making this system optional – which is good.