Programs: AA Lifetime PLT, HH Gold, DL/UA/CO/AS Elite
Posts: 14,353
Quote:
Originally Posted by worldtraveler19
... surprised it took you so long to act on this.... glad you sorted it out with AA-- moral of the story-- next time you have another partner, be vigilant about which passwords you will share- like I would NEVER share my personal/work email or any of my airline acct passwords.... many things could be shared and it is your choice, but one also needs minimal personal space
This had nothing to do with sharing passwords, but rather the ease at which the OP's ex could change the password. AA could simply do it like other places. That is, if you want to change your password, they send a link to your email address or phone number on file.
This had nothing to do with sharing passwords, but rather the ease at which the OP's ex could change the password. AA could simply do it like other places. That is, if you want to change your password, they send a link to your email address or phone number on file.
Disagree entirely. It has EVERYTHING to do with sharing passwords and nothing to do with ease of changing passwords. Anyone who has full access to an account should be able to change passwords. It was the OPs fault for not changing all his login info immediately - and that he allowed it to happen 80-90 times speaks to his poor judgement more than the ex's...Fool me once, shame on you. Fool me 80-90 times...
Disagree entirely. It has EVERYTHING to do with sharing passwords and nothing to do with ease of changing passwords. Anyone who has full access to an account should be able to change passwords. It was the OPs fault for not changing all his login info immediately - and that he allowed it to happen 80-90 times speaks to his poor judgement more than the ex's...Fool me once, shame on you. Fool me 80-90 times...
What happens when you recover a password on the AA site - does it give you your password right there or does it email it to you? If its the former, and you can get the password with just your name and FF# then there is no login info to change.
If someone knows your aa number and your name they can get in
How does one get someone's password with just name and AAdvantage number? Are you saying that you can call Web Services and they'll just give that information? I'm not even sure that they have access to it...may be a reset sort of thing. I doubt this.
How does one get someone's password with just name and AAdvantage number? Are you saying that you can call Web Services and they'll just give that information? I'm not even sure that they have access to it...may be a reset sort of thing. I doubt this.
Cheers.
I checked to see what happens on the web site if you go through the "forgot password" process. It sends a temporary password to the email address in your profile. So, someone could change your password with just your name and FF# (possibly disrupting your access, at least temporarily), but they shouldn't be able to actually get into your AA account unless they can get into your email. It would help if OP clarified whether this is what has been happening - and if thats the case why his email wasn't secured.
I checked to see what happens on the web site if you go through the "forgot password" process. It sends a temporary password to the email address in your profile. So, someone could change your password with just your name and FF# (possibly disrupting your access, at least temporarily), but they shouldn't be able to actually get into your AA account unless they can get into your email. It would help if OP clarified whether this is what has been happening - and if thats the case why his email wasn't secured.
It was probably secured using the same Q&A process as every other account...
__________________ Never ascribe to malice that which is adequately explained by incompetence
Programs: AA Lifetime PLT, HH Gold, DL/UA/CO/AS Elite
Posts: 14,353
Quote:
Originally Posted by farwest101
Disagree entirely. It has EVERYTHING to do with sharing passwords and nothing to do with ease of changing passwords. Anyone who has full access to an account should be able to change passwords. It was the OPs fault for not changing all his login info immediately - and that he allowed it to happen 80-90 times speaks to his poor judgement more than the ex's...Fool me once, shame on you. Fool me 80-90 times...
Not correct. I don't think OP shared 80 to 90 different password.
I actually have tried this as a test.
Try it... You don't need to have access to the owner's email account
Select the forgot password link on the login page.
You will see the text between the lines.
_____________________________________________
Verify Email Address
Is this still your correct email address? (address is partially hidden for your privacy):
**************@GMAIL.COM
If correct, select Yes to receive a temporary password at this email address.
If not, select No. We will ask you a few questions about your account for your verification and then allow you to enter your email address so we can send you a temporary password.
The verification questions;........ simply the zip code and country.
You are then asked for your new email address.
Easy Peasy, even if you don't know the person
1. Find a boarding pass
2. Lookup person in the origin or destination area, better if the name isn't too common
If you actually know the person, then it's a piece of cake
That's absurd. None of this is particularly secret information, especially not the name and aadvantage number. You should have to at least call in if you're resetting your password and don't have access to your email, so at least you're a lot more on record about committing identity theft/fraud if you're trying to abuse this.
I guess I'll never be cavalier about leaving my boarding pass on the plane, or throwing it away intact into a random trash can in the airport.
I guess I'll never be cavalier about leaving my boarding pass on the plane, or throwing it away intact into a random trash can in the airport.
I guess I incorrectly assumed that, in today's world of identify theft, privacy issues, etc. that nobody would be "cavalier" about leaving personally identifying information lying around intact even prior to this thread existing...
I do not (and have not for years) leave ANYTHING with personally identifiable information outside my custody/control without destroying it. EVER.
The fraud issue has crossed my mind, too. If she has done this 80-90 times why not do something legal to stop her? Is it because she didn't actually steal miles (book tickets?). Surely the harrassment should not have to be tolerated.
