300,000 miles stolen from my Avios BA account
#46
FlyerTalk Evangelist
Join Date: Aug 2002
Location: London
Programs: Mucci. Nothing else matters.
Posts: 38,642
Or are you saying that web browsers will store your passwords in the cache or somewhere else even though you have switched off password storage (which I always thought was one of the most basic security steps there was)?
#47
Join Date: Jan 2014
Location: Aberdeen
Programs: BA Rust
Posts: 140
I've just checked mine again and found a few that Microsoft Edge had kindly stored for me - turning it off through Internet Options in Control Panel doesn't affect Edge, which has its own settings.
#48
Join Date: Jun 2011
Location: UK
Programs: BAEC, HHH (Diamond), Le Club (Platinum), Hertz (Gold), Priority Club,
Posts: 101
I noticed that the points had been taken out last week for a stay at a hotel in Hungary.
#49
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,103
That varies. On award nights or on otherwise direct billed nights, I've checked into a fair number of hotels in Europe where I've shown no bank card and no ID at check-in.
I'd read that many months ago and there is indeed something to that. But when companies both require more complex passwords during a company-required password change and restrict use of a prior password or part of a prior password from being re-used, the increased frequency of password changes does help increase account security unless bad password creation/retention habits are allowed and/or being used (as is very often happening).
Some of the raids on compromised airline program accounts involve redeeming high value awards upon the thieves finding the "right customer". And other raids on compromised accounts involve immediate redemptions to do as indicated above.
The industry is beginning to disagree with that point of view - essentially where you have mandatory password changes people tend to use simpler passwords and then alter them in a very predictable way after each reset. In the end it's felt that any security benefit gained from having changing passwords is offset by the simplicity / predictability of passwords used.
There's a good blog post about this at https://www.ftc.gov/news-events/blog...ssword-changes
The trouble you have is that hackers aren't learning your passwords then hanging around before using the points - as soon as they guess or discover, then they're redeeming for items that can be used quickly (gift vouchers, immediate travel).
Changing your password 2 weeks later will stop them coming back, but normally your account will be cleaned out.
If you're going to make an effort, go for a password manager and a secure, unique password for each site you use (as well as 2 factor where available).
#50
FlyerTalk Evangelist
Join Date: Aug 2002
Location: London
Programs: Mucci. Nothing else matters.
Posts: 38,642
I'd read that many months ago and there is indeed something to that. But when companies both require more complex passwords during a company-required password change and restrict use of a prior password or part of a prior password from being re-used, the increased frequency of password changes does help increase account security unless bad password creation/retention habits are allowed and/or being used (as is very often happening).
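Added example, not part of any post in this thread: the posts above describe users altering a password "in a very predictable way after each reset" and sites restricting reuse of "part of a prior password". The sketch below shows one way a change-password form, where the old password is typed alongside the new one, could reject such alterations. The function names, the substitution table and the 0.8 similarity threshold are all assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# Assumed table of common character swaps people use to "change" a password.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def skeleton(password: str) -> str:
    """Reduce a password to its memorable core.

    Drops leading/trailing digits and symbols (years, counters, "!"),
    then lower-cases and undoes common character substitutions.
    """
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", password)
    return core.lower().translate(LEET)


def is_predictable_change(old: str, new: str, threshold: float = 0.8) -> bool:
    """Return True if `new` is a predictable alteration of `old`."""
    if old == new:
        return True
    a, b = skeleton(old), skeleton(new)
    if not a or not b:
        # No letters at all (e.g. "123456"): compare the raw strings instead.
        a, b = old.lower(), new.lower()
    if a == b:
        return True  # same core, only the counter/year/symbol changed
    if min(len(a), len(b)) >= 4 and (a in b or b in a):
        return True  # new password reuses part of the prior one
    # Catch small edits to the core that the rules above miss.
    return SequenceMatcher(None, a, b).ratio() >= threshold


if __name__ == "__main__":
    # Constructed sample pairs (old, new), not taken from the thread.
    samples = [
        ("Summer2016!", "Summer2017!"),
        ("P@ssw0rd1", "Passw0rd2"),
        ("Summer2016!", "MySummer2017"),
        ("Summer2016!", "kV9#tq2LmZx8"),
    ]
    for old, new in samples:
        verdict = "reject" if is_predictable_change(old, new) else "accept"
        print(f"{old!r} -> {new!r}: {verdict}")
```

The check only works at change time because a site that stores password hashes cannot compare a new password with the old one afterwards.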
#51
Fontaine d'honneur du Flyertalk
Join Date: Jul 2001
Location: Morbihan, France
Programs: Reine des Muccis de Pucci; Foreign Elitist (according to others)
Posts: 19,086
LOL well at least sounds East Europeanish to me. Some Hungarian chain hotel in some resort town I never heard of. It seems they use miles for hotel stays a lot; not for air travel.
The hotel only charges $47 a night. 300,000 miles must have bought them quite a few rooms or they spent a long time there. They must have invited the whole family; aunts, uncles, cousins, grandmas, grandpas.
#52
Join Date: Apr 2015
Location: Oxford
Programs: Skyteam Elite+, VS Red, HHonours Diamond, Accor Plat
Posts: 629
If the main threat actor is:
- a cyber criminal then the written-down complex password works perfectly.
- a physical thief or an insider threat then you are in a bit of trouble.
- state sponsored hackers or hacktivists then you probably have to have a really good think about your life choices!
My retired father has a password book that sits on his desk at home and has yet to have any online account breached.
#53
FlyerTalk Evangelist
Join Date: Feb 2009
Location: From ORK, live LCY
Programs: BA Silver, EI Silver, HH Gold, BW Gold, ABP, Seigneur des Horaires des Mucci
Posts: 14,177
That's a sweeping, and incorrect, generalization. Plenty of hotels will accept a debit card, many will accept a cash deposit, some will use the card that the stay was booked with, and quite a few will not require any at all if the guest says they do not require room-charging privileges.
Not if they want to comply with data protection legislation, which is substantially the same throughout the EU.
May potentially work, may not.
#54
Join Date: Jun 2010
Location: USA
Programs: SA Air, Air Canada, KLM, BA, Lufthansa, United, AA, Hawaiian, Air New Zealand, Qantas, Virgin Atlantic
Posts: 777
Lastpass help
I signed up with Lastpass, and started adding sensitive accounts, but somehow I thought it would generate new and difficult passwords, but it didn't. It just has my passwords. What am I doing wrong?
I'm in kind of a quandary since I had to send a dead, but brand new, Dell computer back and it has all this info on it.
I just deleted all of the sites that I had added to Lastpass and will start with a clean slate tomorrow.
If you use Lastpass and have the time, please explain it like you are teaching a 5 year old because clearly I am not doing something right.
Thank you so very much if you can help.
#55
Join Date: Feb 2001
Location: London
Programs: AA EXP, SPG Plt
Posts: 2,607
We are way off topic, but with LastPass you need to change your existing passwords to newer, stronger ones. Here's how you generate stronger ones: https://helpdesk.lastpass.com/generating-a-password/
When moving a PC it's quite easy. Sign into LastPass from the new PC and make sure it's synced. Then just uninstall it from the old PC.
#56
Join Date: Apr 2016
Programs: SK Gold, BA Gold
Posts: 180
Its most basic function is, as you've discovered, simply storing your passwords. The idea is that you should be using a strong, random password for each site, but since there's no way you're going to be able to remember them all, you need somewhere to write them down. In that regard, LastPass is just a more secure version of that Post-it note you stick on your screen.
LastPass does a few other things to make your life easier though. If it already has your login information for a site you are visiting, it will offer to fill the login form for you so there's no manual copying and pasting.
It can also generate strong passwords for you. This is useful both when you first sign up on a website as well as when you're filling the "change password" form (where you have to type your old password and then your new one twice). LastPass will usually notice that you've added or changed a password and offer to store/replace it for you. This works pretty well, use it.
It sounds like you were expecting LastPass to change your passwords for you. It's very tricky for a computer to do that because the process is different for each website, however I distinctly remember LastPass doing that for me once or twice to my amazement. I'm not quite sure where that action was buried, it may have been part of the "security audit".
But in any case, you'll have to go through your list and change most of your passwords by hand. It's not that bad though: let LastPass open the web page and log you in, then find the "change password" page, let LastPass fill in your old password for you, use its password generator to generate and fill in a new one. Then submit the form and LastPass should ask you if you'd like it to update the login data for that site in its database, to which you say yes.