Originally Posted by apudme
Perhaps we should have to input a third level of security, such as date of birth or random digits from a preassigned additional PIN number, as is the case with online banking?
One service I use requires a separate PIN to be entered to authorise the transaction. I.e. the normal login gives full access to most services, but crucial ones require a separate authorisation. In the BA context, this could be used on one of the booking pages as an additional step; e.g. "Enter your Booking PIN: ".
I'd prefer this model to one login to a "full access" account system. E.g. initial login should give basic functionality only.