Disney appears to be in the process of rolling out 2-factor authentication on the Disney Vacation Club members-only website.
Recent attempts to access personal information on the members-only site have yielded a pop-up box requesting an authentication code before proceeding. The 6-digit code is sent via email and must be entered within 15 minutes in order to access the site. This process is commonly referred to as 2-factor authentication. Without the additional validation step, the site can be accessed by any individual who has obtained an active username and password. The use of a verification passcode ensures that access is not granted until the code is delivered to the email address on file, and entered by the account owner.
Availablity of this feature has been sporadic throughout the day. On one login attempt, the code did not arrive until 23 minutes after its request, with the code allegedly expiring after just 15 minutes. Other times access has been granted without the validation code prompt.
In the days following the 2019 launch of Disney+, the company's login processes came under scrutiny for an apparent wave of stolen accounts. Soon after, Disney implemented an email notification process, by which users would receive an email every time their credentials were used at any Disney site. The unified login system a single set of Disney (go.com) credentials to access most company websites including ShopDisney, ESPN, ABC, Marvel, Star Wars and more.
This would be the first time Disney required the second verification level before permitting access to any of those sites.