GUWonder

Sorry to hear this hit. It's important to have strong password use habits, and not having those creates risks. Two factor authentication to use accounts is a hassle, but if more companies went this way then there would be fewer people and companies victimized by password misuse.

But if your electronic devices are compromised, kiss goodbye to the effectiveness of even strong password use habits. Two vector authentication is harder to undermine but then the companies have to deal with more customer complaints and inquiries when account access is problematic even for the legitimate account user.

Increased frequency of password changes does provide some increased account security.

PUCCI GALORE

I'd feel that I had been personally violated if that happened to me - I do feel sorry for you.

Increasing password change is all very well - but you are the one that has to remember them. The bank in France decided that I had to change and that was all well and good - my PC remembers them for me (that's probably not safe either - but ultimately what is 100% safe). I, of course, was so used to the old one that after three attempts on another PC, I was locked out. I was most vexed when I realised what I had done.

My passwords are 12 - 15 long and have everything but symbols. I look daily and at the Bank Statements.

Anyhow, that is irrelevant, more to the point what are BA doing about this? Has something been booked and used?

stifle

Has any airline? I suspect 95%+ of passengers would not want to use it.

Washington DC

The trouble you have is that hackers aren't learning your passwords then hanging around before using the points - as soon as they guess or discover, then they're redeeming for items that can be used quickly (gift vouchers, immediate travel).

Changing your password 2 weeks later will stop them coming back, but normally your account will be cleaned out.

If you're going to make an effort, go for a password manager and a secure, unique password for each site you use (as well as 2 factor where available).

markle

The industry is beginning to disagree with that point of view - essentially where you have mandatory password changes people tend to use simpler passwords and then alter them in a very predictable way after each reset. In the end it's felt that any security benefit gained from having changing passwords is offset by the simplicity / predictability of passwords used.

There's a good blog post about this at https://www.ftc.gov/news-events/blog...ssword-changes

HIDDY

That certainly mirrors my experience when using certain sites airline and bank accounts. Every few months I'm forced to change my password so just alternate between the same two all the time. I know it's supposedly for my own good but it's a pain in the backside when you're in a hurry.

AJLondon

United started doing it last year. And I'm glad it has.

Gshumway

I am using a program (1Password in my case), which will generate passwords. These passwords are stored in an encrypted vault with a master password. This vault is synced to a cloud location (like Dropbox) and I have that program on two PCs, my phone and tablet, all setup to sync from the cloud location. On phone and tablet the vault can be unlock with fingerprints, which makes it quick.

These passwords are not guessable and no password is used twice. Have to change password in a browser? Right click the password field and select generate password.

jordie

Will have a look at this, i use similar passwords at times and sometimes the same on different sites.

markle

You could imagine limited two-factor being relatively unobtrusive and making sense - e.g. for redemptions receiving a verification code on your phone that you need to key in.

antichef

LastPass does the same for me. There is a thread on FT here:
http://www.flyertalk.com/forum/trave...passwords.html

antichef

If there has been no change on the OP's account details to change anything eg email notification, is it possible that this is not a hack but a human error? Otherwise the auto-notification email would have alerted the OP.

Could a person make a telephone booking with BA and the person making it mistype the BAEC number? Or some similar error so that the booking really was for somebody else and the wrong BAEC number has been used - it only requires a single digit error?

No doubt the OP may find out in due course.

nei1c

I use Lastpass for this. When you sign up it'll retrieve all of your passwords stored in you web browser which will encourage you to change them - the Security Challenge shows you just how bad the passwords you're using are and how many times you've reused them which was a real eye opener for me.
They've even got an app for your phone which if you've got a fingerprint reader is a doddle to use - you just enter your password or fingerprint and it'll fill in your login details into any app or the web browser. I think you need a Premium account to get the phone app but it's only $1 a month. You'll get a month free premium if you sign up through this link - https://lastpass.com/f?15566042
Since using this I've moved all passwords that I can to 15-20 character alphanumeric with symbols so pretty much as secure as you can get.

jordie

cheers ill take a look

SvenAge

I'm not sure we can accuse the russians yet. A google search of trump and hungary did produce a link..

http://www.usmagazine.com/celebrity-...l-room-w461160

but i'm not for one second suggesting something went on. I think the hungary-trump-russia-avios connection is probably a big coincidence, unless he pays for his stays with avios..