Why Does LY Require us to Change Password so Often?! LIAT!!
#1
FlyerTalk Evangelist
Original Poster
Join Date: Dec 2009
Location: HaMerkaz/Exit 145
Programs: UA, LY, BA, AA
Posts: 13,167
Why Does LY Require us to Change Password so Often?! LIAT!!
All right there in the title. I just can't keep up with remembering what the password is. It's one thing for banks in Israel to do it, but LY? (Not that the banks should do it, but at least I get it.)
#2
Join Date: Mar 2008
Location: Israel/United States
Posts: 1,234
Once upon a time people thought it was safer. There have been things saying it is LESS safe. Regardless this is what I do.
Lets say my password is ( it is NOT)
123ABC,
my new password becomes
123ABD
and then
123ABE
or you could do the reverse
Password123
Password124
Password125
Lets say my password is ( it is NOT)
123ABC,
my new password becomes
123ABD
and then
123ABE
or you could do the reverse
Password123
Password124
Password125
#4
Join Date: Jun 2004
Location: Israel (some of the time)
Programs: BA GGL, CCR; AF/KLM FB Silver; M&M LH FTL; LY GLD; HH Diamond; SPG Gold; A-Club Silver; Avis PCI
Posts: 2,054
Most airlines never require you to change your password. I have not had to change mine for years and it has never been an issue. Also, LY's password is convoluted with a 4 digit PIN plus 4 letters - a very weird implementation of security.
Overall the approach to web security at banks and other organizations in Israel has been very badly thought through. IME changing one's password regularly increases the security risk rather than reducing it, unless there is a good reason to do so such as a breach.
Overall the approach to web security at banks and other organizations in Israel has been very badly thought through. IME changing one's password regularly increases the security risk rather than reducing it, unless there is a good reason to do so such as a breach.
#5
Join Date: Feb 2005
Programs: EL AL Matmid, BA Executive Club GfL, GGL/CCR, Hilton Diamond, Avis President's Club
Posts: 2,085
After complaining about the issue, I have recently been told by my (Israeli) bank that they have dropped the requirement to change the password often.
#6
FlyerTalk Evangelist
Original Poster
Join Date: Dec 2009
Location: HaMerkaz/Exit 145
Programs: UA, LY, BA, AA
Posts: 13,167
Most airlines never require you to change your password. I have not had to change mine for years and it has never been an issue. Also, LY's password is convoluted with a 4 digit PIN plus 4 letters - a very weird implementation of security.
Overall the approach to web security at banks and other organizations in Israel has been very badly thought through. IME changing one's password regularly increases the security risk rather than reducing it, unless there is a good reason to do so such as a breach.
Overall the approach to web security at banks and other organizations in Israel has been very badly thought through. IME changing one's password regularly increases the security risk rather than reducing it, unless there is a good reason to do so such as a breach.
For UA, you have a password and PIN. The password and PIN I have have been the same since 2007 at least. Never had any issues whatsoever.
Which bank?!
#9
FlyerTalk Evangelist
Join Date: Feb 2002
Location: San Francisco/Tel Aviv/YYZ
Programs: CO 1K-MM
Posts: 10,762
Changing passwords regularly generally means that people change from a possibly secure password to one that is structured and/or written down.
worse for security...
worse for security...
#10
FlyerTalk Evangelist
Join Date: May 2005
Location: TLV/LHR
Programs: BA GGL, IHG Diamond Elite Amb, HH Diamond, Avis PC, Hertz PC, Sixt Platinum
Posts: 12,948
I hate it.
In fact I've forgotten my bank password 3 times in the past month due to the constant requirement to change it.
I've had the very same password with my UK bank as well as with all my other FF programs (BA,VS,IB etc) for years now, so what do these Israeli institutions know that they don't?
In fact I've forgotten my bank password 3 times in the past month due to the constant requirement to change it.
I've had the very same password with my UK bank as well as with all my other FF programs (BA,VS,IB etc) for years now, so what do these Israeli institutions know that they don't?
#11
FlyerTalk Evangelist
Original Poster
Join Date: Dec 2009
Location: HaMerkaz/Exit 145
Programs: UA, LY, BA, AA
Posts: 13,167
clubman, I'm the same. I just had to change my bank password (Discount). That means having to save the new password in my phone so I don't forget it which means I'm screwed if that gets hacked. At least my standard password is so random that I'm only in trouble if the bank themselves get hacked. Which is the same regardless of password
#13
FlyerTalk Evangelist
Join Date: May 2005
Location: TLV/LHR
Programs: BA GGL, IHG Diamond Elite Amb, HH Diamond, Avis PC, Hertz PC, Sixt Platinum
Posts: 12,948
Josh, I think reaching out to Liat here is a total waste of time.
Who knows if she's even working for them anymore, and if she is she sure hasn't been around here in a very long time...
Who knows if she's even working for them anymore, and if she is she sure hasn't been around here in a very long time...
#14
Join Date: May 2000
Location: Zichron Yakov, Israel
Programs: SPG Gold
Posts: 808
In regards to Israeli banks, don't blame them, most of the rules are set by the Bank of Israel, and in this regard Bank of Israel is following the pattern of Asian regulators like Singapore and Hong Kong.
In regards to El Al, it's yet another indicator of a poor website design, in that no one has done any sort of risk analysis on the password policies or any comparison with comparable airline frequent flyer websites. IF they had done a comparison they would have realized that no airline or hotel FF website requires users to reset their passwords on a regular basis, and the only cases where it has been required were in case of a security breach, or where the website is upgrading their password policy requirements to require more complex passwords.
In regards to El Al, it's yet another indicator of a poor website design, in that no one has done any sort of risk analysis on the password policies or any comparison with comparable airline frequent flyer websites. IF they had done a comparison they would have realized that no airline or hotel FF website requires users to reset their passwords on a regular basis, and the only cases where it has been required were in case of a security breach, or where the website is upgrading their password policy requirements to require more complex passwords.
#15
Join Date: Jun 2008
Posts: 4,187
Often times it is paranoia that is the greatest risk to security.