Originally Posted by
ckpeter
They have already clarified that there was not a system weakness.
I would say that a failure to require users to set complex passwords is a clear system weakness.
Further comments have highlighted the lack of password re-entry requirement for the display of saved passwords - sounds to me like another system weakness.
Originally Posted by
ckpeter
Given that someone guessed your (weak?) password and got all your account information, I would say AwardWallet would be invaluable in tracking down rogue redemptions.
I agree that AW can be incredibly useful. Maybe they should only operate on the "locally saved" password basis. Thankfully I set-up my AW account like that from the start
