Facebook / Google login
Aug 28, 2015, 2:44 pm
#1
A FlyerTalk Posting Legend
Original Poster
Join Date: Sep 2012
Location: SFO
Programs: AC SE MM, BA Gold, SQ Silver, Bonvoy Tit LTG, Hyatt Glob, HH Diamond
Posts: 44,359
Facebook / Google login
Is this new?
I can now log in to my Aeroplan account using Facebook or Google auth.
Now all I want is for them to remove the ability to log in with a password, and their security will go from a rating of "crap" to "decent"
I can now log in to my Aeroplan account using Facebook or Google auth.
Now all I want is for them to remove the ability to log in with a password, and their security will go from a rating of "crap" to "decent"
Aug 28, 2015, 4:14 pm
#4
A FlyerTalk Posting Legend
Original Poster
Join Date: Sep 2012
Location: SFO
Programs: AC SE MM, BA Gold, SQ Silver, Bonvoy Tit LTG, Hyatt Glob, HH Diamond
Posts: 44,359
Which, to be fair, is a lot less (probably the minimum) than other sites that allow Google login. Basically enough to associate your Aeroplan account to your Google account.
Aug 28, 2015, 4:15 pm
#5
Suspended
Join Date: Jun 2009
Location: YYZ
Programs: AC E50K (*G) WS Gold | SPG/Fairmont Plat Hilton/Hyatt Diamond Marriott Silver | National Exec Elite
Posts: 19,284
Aug 28, 2015, 4:22 pm
#7
Join Date: Aug 2010
Location: Why? Why? Zed! / Why? You? Elle! / Gee! Are You!
Programs: Irrelevant
Posts: 3,543
Aug 28, 2015, 4:23 pm
#8
Join Date: Aug 2010
Location: Why? Why? Zed! / Why? You? Elle! / Gee! Are You!
Programs: Irrelevant
Posts: 3,543
Aug 28, 2015, 4:27 pm
#9
Join Date: Mar 2014
Programs: AC*Tangerine
Posts: 417
Aug 28, 2015, 6:54 pm
#10
Join Date: Nov 2009
Location: YVR
Programs: Non-status bottomfeeder
Posts: 827
Outsource something heavy, complicated, and security related to a much more secure body like Google or Facebox? Yes please. Way batter than AP IT monkeys trying to figure out how to salt and hash.
This is an interesting watch if anybody is interested.
Marriott
BC Ministry of Citizens Services
Vancouver Symphony Orchestra
Aug 28, 2015, 7:07 pm
#11
Join Date: Apr 2004
Location: Toronto
Programs: AC SE 1MM, Bonvoy Lifetime Titanium Elite
Posts: 918
When I try to connect via google, I get a very odd looking error, below. If you go to cingularity.ca (the email in the error) it brings you to some random dudes website... corporate IT at it's best!
Just to be sure, are we sure these buttons are legit?
>>>>>>>>>>>>
400. That’s an error.
Error: redirect_uri_mismatch
Application: Aeroplan.com
You can email the developer of this application at: [email protected]
The redirect URI in the request: http://www3.aeroplan.com/social/googlelogin did not match a registered redirect URI.
>>>>>>>>>>>>
Just to be sure, are we sure these buttons are legit?
>>>>>>>>>>>>
400. That’s an error.
Error: redirect_uri_mismatch
Application: Aeroplan.com
You can email the developer of this application at: [email protected]
The redirect URI in the request: http://www3.aeroplan.com/social/googlelogin did not match a registered redirect URI.
>>>>>>>>>>>>
Aug 28, 2015, 7:08 pm
#12
Join Date: Oct 2009
Location: YVR
Programs: AC*SE MM, Marriott Titanium, National Executive
Posts: 1,586
Using Google is the safer option (especially if you enable 2 step identification).
Google generates a token for aeroplan that can only be used by aeroplan and just says that this is you based on the fact that you are logged in to your google account.
It's not like aeroplan now has access to your google account.
Google generates a token for aeroplan that can only be used by aeroplan and just says that this is you based on the fact that you are logged in to your google account.
It's not like aeroplan now has access to your google account.
Aug 28, 2015, 7:39 pm
#13
Join Date: Jun 2014
Programs: NEXUS GE, TSA-Pre, AC E50K
Posts: 398
Using Google is the safer option (especially if you enable 2 step identification).
Google generates a token for aeroplan that can only be used by aeroplan and just says that this is you based on the fact that you are logged in to your google account.
It's not like aeroplan now has access to your google account.
Google generates a token for aeroplan that can only be used by aeroplan and just says that this is you based on the fact that you are logged in to your google account.
It's not like aeroplan now has access to your google account.
I agree, with this, even though I was saying earlier that only the less-technically inclined would use this. That was actually a very naive statement as more technically inclined (actually lets call it security caution) person would know a token from your other account versus having the same password on multiple different accounts, is much safer.
Otherwise, sites that don't have this feature, a password manager is in order.
AC also already has your email, credit-card info, and generally speaking, address. There's really not much to worry about.
Aug 28, 2015, 9:07 pm
#14
FlyerTalk Evangelist
Join Date: Feb 2004
Location: YVR
Programs: AC SE 2MM; UA MP Premier Silver; Marriott Bonvoy LT Titanium Elite; Radisson; Avis PC
Posts: 35,255
NOT
Aug 28, 2015, 9:47 pm
#15
Join Date: Jul 2013
Location: MLL / AC Cafe
Programs: It's hard to get status when the website won't let me book flights.
Posts: 5,706
It's pretty standard for sites to offer this no a days. It's nice to see that they are at least trying to keep up with the public's demands.