Amtrak website now requires 'multi-factor authentication' for 'some' members - 'why me?'

[fdaley]

I am a bit puzzled by this since it looks like I can at will either turn on two factor authentication or turn it off by toggling the "Enable/Disable" toggle in my profile. Does that not work for everyone? It appears to work in all the browsers I use (Firefox, Safari, Chrome). Very puzzling.

Don't you have to be already logged in to access your profile and set this toggle? For me, at least for now, I can't log in because Amtrak's system won't send my email a verification code for authentication.

 

[jis]

Don't you have to be already logged in to access your profile and set this toggle? For me, at least for now, I can't log in because Amtrak's system won't send my email a verification code for authentication.

Interesting! The only reason I got 2FA is because I enabled it. Until I enabled it I could just log in normally, and even now, if I disable it I can login normally again!

Something caused them to believe a few select to be less trustworthy on their own? That is pretty weird, specially doing so without verifying that they could still communicate. I guess more proof that they have a bunch of amateurs off the street trying to masquerade around as IT experts at Amtrak. Why can't their telephone agent turn 2FA off when requested by a verified customer?

 

[20th Century Rider]

I've tried absolutely everything... changed my password, status as senior to regular, etc. Went to the cache place and messed up all sorts of stuff on this macbook air and took several hours to undo all the damage from that. I did reach someone at Amtrak several days ago who promised they'd get it to the 'right experts' to finally fix the problem. No luck. Same problem on Safari browser as on Chrome. Ok, so I just have to accept this but IMHO Amtrak management gets no respect from me.

Here are the list of attempts I have made to disable the two factor authentication

1] since it was already on OFF, I switched it to on. Signed in with the authentication, then pushed the toggle back to OFF.
2] emptied the cache for Amtrak Site, then went back... that didn't work.
3] changed password... that didn't work
4] tried all of the above on both Chrome and Safari... it is required on both with no solution
5] changed my status from senior to adult. That didn't work
6] everything the Amtrak agents tell me when I call in doesn't work
7] whenever a suggestion is made on this strand... which I am grateful for... I try it but nothing works.
8] and almost impossible to sign in on my Iphone.

BTW I even googled it... and they refer me back to this site

 

[fdaley]

Interesting! The only reason I got 2FA is because I enabled it. Until I enabled it I could just log in normally, and even now, if I disable it I can login normally again!

Something caused them to believe a few select to be less trustworthy on their own? That is pretty weird, specially doing so without verifying that they could still communicate. I guess more proof that they have a bunch of amateurs off the street trying to masquerade around as IT experts at Amtrak. Why can't their telephone agent turn 2FA off when requested by a verified customer?

Well, exactly. I called and went through the usual phone verification process, expecting that the agent, satisfied that I was a legitimate AGR member, could figure out some way to override and grant me access online. Instead, she told me it was up to me to set up a new email address and then call them back when I had that in place -- so they could change the email address of record on my account.

 

[20th Century Rider]

Well, exactly. I called and went through the usual phone verification process, expecting that the agent, satisfied that I was a legitimate AGR member, could figure out some way to override and grant me access online. Instead, she told me it was up to me to set up a new email address and then call them back when I had that in place -- so they could change the email address of record on my account.

And I just talked to an agent who wrote the definition of 'rude.' He told me to place the Amtrak address in the URL; and sign in. So I signed in and up on the screen popped the 2FA. I told him that by putting it in the URL didn't stop the problem. He then said "Did I get you into the website?" I said "Yes but that doesn't solve the problem of 2FA. He then told me I didn't need to raise my voice at me... I've helped you get in and now I will need to hang up.

Oh well... expect not much... Amtrak is a government run institution. And many of these agents are on a power trip as they turn away polite but frustrated individuals who experience some kind of Amtrak problem. Meh!

 

[Ryan]

Amtrak is a government run institution

Do I need to quote 49 CFR 700.2 at you yet again?

The Act also states that Amtrak will not be an agency or establishment of the United States Government.

 

[JayPea]

I either didn't see or didn't pay attention to the announcement about changing my password. So after browsing through this thread I did just that. It first asked to verify my email with a code. All sorts of red flashing lights and warning bells went off, but the code arrived in my email without a fuss and I was easily able to change my password.

I know that doesn't help the OP. I sure hope you can get it straightened out. I know if it were me I'd be tearing out what little hair I have left. I know nothing about IT systems but even I know Amtrak's is absolutely one big mess.

 

[20th Century Rider]

Do I need to quote 49 CFR 700.2 at you yet again?

No... I know it well and recite it each evening before bedtime.

 

[John Santos]

And I just talked to an agent who wrote the definition of 'rude.' He told me to place the Amtrak address in the URL; and sign in. So I signed in and up on the screen popped the 2FA. I told him that by putting it in the URL didn't stop the problem. He then said "Did I get you into the website?" I said "Yes but that doesn't solve the problem of 2FA. He then told me I didn't need to raise my voice at me... I've helped you get in and now I will need to hang up.

Oh well... expect not much... Amtrak is a government run institution. And many of these agents are on a power trip as they turn away polite but frustrated individuals who experience some kind of Amtrak problem. Meh!

Ask to speak to his supervisor.

 

[Barb Stout]

I am so grateful to the OP and others on this thread because I had not signed into AGR for awhile and so after seeing this was wondering if I was going to have problems also. Let's just say if not for OP and this thread I would have had considerable frustration because my browser did not show any messages about receiving any special extra code to sign in as there appears to be something wrong with my browser. It has cut off certain parts of the screen and in this case, cut off something from the top. I can tell that's where the message must be as right at the top in the middle of the screen was a phrase that ended with the word "email". And indeed Amtrak AGR sent a code to my email that I used to get in. This is a new computer (Apple) and it imported all the previous settings and I have had other troubles with the new computer, so I guess I have to do a deep dive to figure out why I'm having so many problems.

 

[20th Century Rider]

Ask to speak to his supervisor.

When the agent told me... "I told you what to do and I'm going to have to hang up on you" I hung up on him! He obviously wasn't going to connect me with any supervisor. But I knew he had an 'attitude' the minute I started speaking with him... you know the kind... he had an 'agenda,' and a 'way of doing things his way.' I do wish Amtrak would have sent a survey so I could respond to the service... or lack of such... that I received. That guy does a disservice to Amtrak.

BTW I've tried to sign in on other computers and had the same 2FA problem... so I don't think it's the cookies.

I am so grateful to the OP and others on this thread because I had not signed into AGR for awhile and so after seeing this was wondering if I was going to have problems also. Let's just say if not for OP and this thread I would have had considerable frustration because my browser did not show any messages about receiving any special extra code to sign in as there appears to be something wrong with my browser. It has cut off certain parts of the screen and in this case, cut off something from the top. I can tell that's where the message must be as right at the top in the middle of the screen was a phrase that ended with the word "email". And indeed Amtrak AGR sent a code to my email that I used to get in. This is a new computer (Apple) and it imported all the previous settings and I have had other troubles with the new computer, so I guess I have to do a deep dive to figure out why I'm having so many problems.

If it's a new computer you shouldn't be having cookie issues; and can you get tech support that usually is offered with a new computer purchase???

 

[Barb Stout]

When the agent told me... "I told you what to do and I'm going to have to hang up on you" I hung up on him! He obviously wasn't going to connect me with any supervisor. But I knew he had an 'attitude' the minute I started speaking with him... you know the kind... he had an 'agenda,' and a 'way of doing things his way.' I do wish Amtrak would have sent a survey so I could respond to the service... or lack of such... that I received. That guy does a disservice to Amtrak.

BTW I've tried to sign in on other computers and had the same 2FA problem... so I don't think it's the cookies.


If it's a new computer you shouldn't be having cookie issues; and can you get tech support that usually is offered with a new computer purchase???

I'm sure I can. I don't think it's necessarily a cookie issue; I am suspicious that it has something to do with the accessibility settings as I have exceedingly bad vision and therefore have played around with those. I am currently making a list, but some of the problems are sporadic, so I am currently exploring what conditions trigger the weirdities.

 

[20th Century Rider]

I'm sure I can. I don't think it's necessarily a cookie issue; I am suspicious that it has something to do with the accessibility settings as I have exceedingly bad vision and therefore have played around with those. I am currently making a list, but some of the problems are sporadic, so I am currently exploring what conditions trigger the weirdities.

Rather unfortunate that Amtrak either refuses; or is unable to fix... the 2FA problem several of us are having.

 

[jis]

Rather unfortunate that Amtrak either refuses; or is unable to fix... the 2FA problem several of us are having.

They are overwhelmed by too many pesky customers. They would not want any more bothering them I suppose If they reduce train sizes some more maybe the whole problem will disappear on its own

 

[20th Century Rider]

They do have a dedicated line for Executive and Executive Plus customers who spend $5,000 to $10,000 per year on Amtrak travel. Calling in on a line for loyal customers should yield some kind of priority effort for such things as the 2FA problem. I have been able to get excellent assistance when there is a service disruption effecting an itinerary in process and would hope for the same with glitches on the website.

Certainly if they created the website or hired an IT group to handle it... they should be able to manage and fix website problems.

 

[dlagrua]

I can't even get in to the site let along toggle diable/enable in my profile. Tried on my phone and on my Laptop w Firefox. It just doesn't accept the authentication codes that Amtrak sends. Who can I contact?

 

[Qapla]

Did you enter the code yourself? Did you make sure the CAPS and lowercase were correct?

If you copied it, did you make sure there was not a "space" added when it copied? That sometimes happens to me when I copy codes

 

[20th Century Rider]

Did you enter the code yourself? Did you make sure the CAPS and lowercase were correct?

If you copied it, did you make sure there was not a "space" added when it copied? That sometimes happens to me when I copy codes

Its just some ordered numbers... did a copy paste and I did get in with that... but the issue is why is this procedure is needed even when my profile shows this feature is 'off?'

 

[20th Century Rider]

I can't even get in to the site let along toggle diable/enable in my profile. Tried on my phone and on my Laptop w Firefox. It just doesn't accept the authentication codes that Amtrak sends. Who can I contact?

Actually your frustrating situation is 'positive news' because it does indeed show that there is a problem with the website. Now the challenge is to get Amtrak to 'get it' and recognized they have an IT problem.

I do hope you, and I, and others get relief and that when management understands there's a problem they will finally take some action so the website works properly!!!!!

 

[zephyr17]

Just about every time I read a new post in this thread I go over to Amtrak.com and make sure I can sign in. I can,
2FA is still "off" and it doesn't ask for it.

Whatever random thing is causing the website to require 2FA when it is not selected or is forced on hasn't hit me. Yet.

I've had some bad experiences with 2 FA on other sites, verification emails not sent, or sent hours after the verification window expires. I only use 2FA now on financial and medical sites where they have to keep their act together.

 

[20th Century Rider]

Just about every time I read a new post in this thread I go over to Amtrak.com and make sure I can sign in. I can,
2FA is still "off" and it doesn't ask for it.

Whatever random thing is causing the website to require 2FA when it is not selected or is forced on hasn't hit me. Yet.

I've had some bad experiences with 2 FA on other sites, verification emails not sent, or sent hours after the verification window expires. I only use 2FA now on financial and medical sites where they have to keep their act together.

The Amtrak website and reliable agent connections should now be a concern for all patrons given the lack of acknowledgement or understanding of management regarding helping those affected with the Amtrak website problems. Last contact for help connected me with an agent that basically said, "It is what it is."

This is a problem that is real and that is causing great frustration and inconveniences... Will they help us? Can they help us? Is there a breakdown with agent attitudes? It's all about connection between service and clients.

 

[PaTrainFan]

I do not have two factor authentication turned on, either in browser or app, yet earlier today I was prompted for the verification code when logging into the app, though without incident. I have been a strong proponent of 2FA, but now I am given pause with all the issues I am reading about. I mainly use it for financial accounts.

 

[AmtrakBlue]

Has anyone tried contacting Amtrak via their Twitter or Facebook?

 

[alpha3]

I signed in today and got the immediate response that my password must be changed; nothing about 2Fa but when I changed it, I got the notice about the verification code. I did it, and it was fine. Many sites use this now, my credit union account uses 2Fa, you don't have a choice. I don't find it burdensome, just my .02 though.

 

[zephyr17]

I signed in today and got the immediate response that my password must be changed; nothing about 2Fa but when I changed it, I got the notice about the verification code. I did it, and it was fine. Many sites use this now, my credit union account uses 2Fa, you don't have a choice. I don't find it burdensome, just my .02 though.

I don't find it burdensome when implemented competently, as your credit union probably has and where I do banking has.

However, places where that have not done it competently, it ranges from being a PITA to preventing access to accounts entirely. A major issue where it isn't done well is the timely generation and transmission of verification codes and inflexibility of transmission of codes (email only? Seriously? Email is ridden with flaws).

Having had some bad experiences, I stopped using 2FA except for financial and health care. Not only is that where it really matters, those organizations pretty much have to have their act together when it comes to 2FA and it usually is implemented well.

As far as Amtrak IT, well, to mix metaphors, Amtrak IT is a clown car being driven off a cliff. No way I'd do 2FA voluntarily with my Amtrak/AGR accounts. I am just afraid that some poorly implemented change will accidentally force it, as had happened to some here.