Originally Posted by
8fingeredflyer
How would this situation be different from you having your DL credentials phished or stolen by Zeus/Cridex/Spyeye? Ultimately it's up to the institution to authenticate their users before allowing them to perform actions (book or cancel tickets, transfer points, etc). If DL was concerned about the security of their data, they should be implementing a more robust authentication system, 2-factor auth just as an example. Allowing certain IPs access to an API for retrieving trip details and account balances wouldn't be that difficult if security is the concern.
i can't imagine why anyone would trust a site such as award wallet with their personal logon information. i'm glad that delta is killing their access. allowing some third-party site to store your security information seems to me to be suicide.
yes 2-factor auth is better, but DL does not use it. i think it's totally within DLs rights (and i believe an obligation to their customers) to block third-party access to user information. without having any say over how award wallet protects user information, i say it's best to not screw around allowing them to know how to get to my various accounts. why allow another point of security failure.
oh, and if award wallet is breached, ALL of your accounts are toast.