Sharing your BSPlink and 2 factor authentication (2FA)
IATA announced that agents and airlines accessing the BSPlink or EasyPay (IEP) service in the IATA Customer Portal (ICP) are required to add Two-Factor Authentication (2FA) in their ICP login procedure. Sharing an ICP user login would no longer be possible or allowed after 2FA was activated in their account.
Due to the hacks suffered by Accelya that lead to temporarily reinstating the “old” BSPlink, IATA made the requirement an optional feature. Well, procrastination is not the thief of time in this case. The requirement to add 2FA will be effective again soon once the new BSPlink is available.
We do not criticise IATAs policy related to 2FA. On the contrary, we can only encourage adding security to a system where billions of Euros are processed each year. However, we believe that this also should be an individual responsibility of the agent. Moreover, the claim of IATA isn’t correct. Of course, you can continue sharing your ICP account with colleagues. We do not think that this assertion by IATA has to do with faulty technical assumptions, but many agents will mistakenly presume it to be true and are tempted to go for additional (paid) BSPlink accounts. Costs: 25 to 75 USD per month and user account.
For those who are interested, we have a detailed paper explaining how to continue sharing your BSPlink login with multiple users. If you would like to receive a free copy, just send an e-mail to firstname.lastname@example.org stating your name and company and you receive a copy the same day.