
Rate this bonehead

 
 
Old Mar 25, 2008 | 3:52 pm
  #31  
 
Join Date: May 2005
Location: various cities in the USofA: NYC, BWI, IAH, ORD, CVG, NYC
Programs: Former UA 1K, National Exec. Elite
Posts: 5,487
Originally Posted by AMF in NJ
English word passwords, so no passwords like "password" or "boeing", but something that can't be guessed like "pq12-@w" or so. Similarly it should try to warn against "words" that use numeric substitution like "c0nt1n3nt4l" (1 is i, 3 is e, 0 is o, etc).
That's a good way to guarantee that people will not remember their passwords. You or I might be able to remember pq12-@w, but any time you have thousands of people changing such passwords every 6 months, you're going to have a lot of support calls.

Adding additional allowable characters is good against brute force cracks (ever use L0phtcrack?), but requiring more than one or two such characters translates into harder to remember passwords, especially if passwords expire.

As long as it's not possible to run a brute force crack without actually testing them (like on the NT password hashes), you can detect attempts simply by looking for repeated login attempts (i.e. lockouts).

If this is done, then requiring much more than "no English words" is probably detrimental to security, as it results in a much higher rate of passwords being written down and presents a greater opportunity for social engineering (large numbers of forgotten passwords mean such support calls are not suspicious).
ralfp is offline  
Old Mar 25, 2008 | 4:41 pm
  #32  
 
Join Date: Apr 2007
Location: nyc
Programs: CO Plat & MP 1K
Posts: 870
Originally Posted by Tummy
I had been using what I thought was a strong password to get into my account, but after checking, I could get in with my old PIN or the password. So you're right, security is very bad and there really is no point in a secure password if they still allow a 4 digit pin to get in.
yes when I noticed this I was extremely annoyed. I don't get why CO can't move away from the 4 digit pin code. I think it is the ONLY online service I use that has my credit card information that has such a flimsy security set up.
rlbmorton is offline  
Old Mar 25, 2008 | 5:18 pm
  #33  
 
Join Date: Feb 2004
Location: here and there
Programs: UA Silver, HH Gold, SPG Gold, Avis CHM
Posts: 1,505
Originally Posted by rlbmorton
yes when I noticed this I was extremely annoyed. I don't get why CO can't move away from the 4 digit pin code. I think it is the ONLY online service I use that has my credit card information that has such a flimsy security set up.
Hilton Honors also has this "flimsy security set up", including having to verify the PIN with agents over the phone.
shell nyc is offline  
Old Mar 25, 2008 | 6:37 pm
  #34  
Suspended
 
Join Date: Nov 1999
Posts: 24,150
I don't see any problems with leaving it as is. So far my acct has never been hacked into, nor has any of my bank accts that also has a simple 4 digit pin.
craz is offline  
Old Mar 25, 2008 | 7:46 pm
  #35  
 
Join Date: Apr 2007
Location: nyc
Programs: CO Plat & MP 1K
Posts: 870
Originally Posted by craz
I don't see any problems with leaving it as is. So far my acct has never been hacked into, nor has any of my bank accts that also has a simple 4 digit pin.
Yeah and my grandfather used to leave his car unlocked in front of his church. Until it got stolen ...
rlbmorton is offline  
Old Mar 25, 2008 | 8:06 pm
  #36  
 
Join Date: Mar 2008
Location: Marietta, Georgia, United States
Programs: DL HH
Posts: 501
Originally Posted by colpuck
So my parents are infrequent travelers but they have a onepass account. Due to having the debit card they have collected around 75k in miles. Due to co.com online security being what it is, someone hacked into my father's account.

Now parents may not travel, but they do monitor the accounts regularly. However, the hacker seeing no reward travel for some time decided it would be a good time to book himself a standard award to Paris, using my father's miles.

Now as a good FTer my first question was how did the hacker get a standard award to Paris during the summer and my second was what happened next. Well the OPSC redeposited the miles to my father's account but not the fees.

Why not the fees, well because the hacker used his own credit card, matching the name on the ticket.

Bonehead.
And I would have gotten away with it.. if it wasn't for you darn kids!@#!@#



</scooby-do mode>
crux is offline  
Old Mar 25, 2008 | 8:06 pm
  #37  
 
Join Date: Apr 2007
Location: nyc
Programs: CO Plat & MP 1K
Posts: 870
More seriously. I am ok with CO allowing those who don't care about security to use a simple 4 digit code. What I find annoying is the fact that they claim you can add a password to your account which can be as complicated as you want it to be and by implication more secure but at the same time anybody who can crack the simple 4 digit code can still access my account.

So let craz have a 4 digit code, but let me have my more complicated password and no 4 digit code and we are both happy.
rlbmorton is offline  
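The lockout-based detection described in post #31 and the PIN-or-password point made in post #37, as an added example that is not part of the thread. The log format, account names, the 3-failures-in-15-minutes threshold and the 94-character password alphabet are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (timestamp, account, result); not from any real system.
SAMPLE_LOG = """\
2008-03-25T14:00:00 acct-C FAIL
2008-03-25T14:30:00 acct-C FAIL
2008-03-25T15:00:00 acct-A FAIL
2008-03-25T15:00:02 acct-B FAIL
2008-03-25T15:00:05 acct-A FAIL
2008-03-25T15:00:07 acct-B FAIL
2008-03-25T15:00:09 acct-C FAIL
2008-03-25T15:00:12 acct-A FAIL
2008-03-25T15:00:15 acct-B OK
2008-03-25T15:00:20 acct-B FAIL
2008-03-25T15:00:25 acct-A FAIL
""".splitlines()

def detect_lockouts(lines, max_failures=3, window=timedelta(minutes=15)):
    """Return {account: lock time} for accounts with max_failures inside window."""
    recent = defaultdict(deque)        # account -> timestamps of recent failures
    locked = {}
    for line in lines:
        stamp, account, result = line.split()
        ts = datetime.fromisoformat(stamp)
        if account in locked:
            continue                   # locked: later guesses are never tested
        if result == "OK":
            recent[account].clear()    # a good login resets the counter
            continue
        q = recent[account]
        q.append(ts)
        while ts - q[0] > window:      # forget failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            locked[account] = ts       # this is the event worth alerting on
    return locked

def online_guess_odds(keyspace, tries):
    """Chance that `tries` distinct blind guesses hit a uniformly random secret."""
    return min(1.0, tries / keyspace)

def account_guess_odds(keyspaces, tries):
    """If any one of several secrets opens the account, the smallest keyspace decides."""
    return online_guess_odds(min(keyspaces), tries)

PIN = 10 ** 4         # 4-digit PIN
PASSWORD = 94 ** 7    # assumed: 7 characters from 94 printable ASCII symbols
```

With these assumptions only acct-A is locked: acct-B's failures are reset by a successful login and acct-C's are spread outside the window. An account that accepts either the PIN or the password has the same guessing odds as one protected by the PIN alone.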
Old Mar 25, 2008 | 9:32 pm
  #38  
 
Join Date: Jan 2006
Location: ABE/PHL
Programs: CO Pt Infinite (1k life)/ 1MM - NW/DL Silver life/1 MM
Posts: 1,309
Originally Posted by channa
You're lucky you were an employee with the Corp. Security Hotline. This channel is not available to ordinary people. Imagine the poor customer who would have to deal with WE CARE on such an issue.

I recently won a credit card dispute with CO by default (CO didn't bother to respond). Good thing I have AMEX to resolve the situation. CO could have cared less.
Be careful with that. I too had a dispute, back in the 'bad days' and CO never bothered to respond. The dispute was over the refund amount on a reissued ticket. Receipt said one thing, auditors another, thus the difference. I disputed, CO never responded and that was that. Until I was the high bidder on one of the auctions and when time came to 'pay' for the trip I found out my Onepass account was frozen. Why? I was accused by CO of an 'illegal' chargeback. As if it was my fault they never responded to the inquiry.

I had to pay them the dispute amount before they would release the miles.
carpboy is offline  
Old Mar 25, 2008 | 9:36 pm
  #39  
 
Join Date: Jan 2006
Location: ABE/PHL
Programs: CO Pt Infinite (1k life)/ 1MM - NW/DL Silver life/1 MM
Posts: 1,309
Originally Posted by colpuck
I am in agreement with the person who suggested that they meet them at the airport, have them arrested at the gate,

No law authorities care. I had a person, after a trip through Denver, lift my CC # and pay their HOME PHONE BILL with it. I could not get anybody, Federal, state, county or local, to give a rat's patootie about it.
carpboy is offline  
Old Mar 25, 2008 | 9:49 pm
  #40  
 
Join Date: Dec 2007
Location: Austin, TX
Programs: UA S; Marriott LG; IHG P; Hertz PC; AA, WN, Pan Am!
Posts: 820
Originally Posted by carpboy
No law authorities care. I had a person, after a trip through Denver, lift my CC # and pay their HOME PHONE BILL with it. I could not get anybody, Federal, state, county or local, to give a rat's patootie about it.
Depends where you live... I once had kids break into the house I was moving into before I was fully moved in. They came in, drank the beer from the fridge, leaving the empties on the roof, and stole a bottle of tequila. Sheriff's office sent a deputy out (I wanted to file a report in case I found anything else missing later) and he proceeded to dust the beer bottles for prints.

Of course he may have been squirting them with baby powder and then pulling out some scotch tape just to make me feel better.
texd is offline  
Old Mar 25, 2008 | 9:50 pm
  #41  
 
Join Date: Dec 2007
Location: Austin, TX
Programs: UA S; Marriott LG; IHG P; Hertz PC; AA, WN, Pan Am!
Posts: 820
Originally Posted by rlbmorton
yes when I noticed this I was extremely annoyed. I don't get why CO can't move away from the 4 digit pin code. I think it is the ONLY online service I use that has my credit card information that has such a flimsy security set up.
Hertz. Or at least they did when I first started using them online, and I still use just a 4-digit PIN.
texd is offline  
Old Mar 25, 2008 | 9:55 pm
  #42  
FlyerTalk Evangelist
 
Join Date: Feb 2007
Location: PDX
Programs: AS Titanium, Marriott Lifetime Plat, UA Gold
Posts: 11,594
Originally Posted by Bonehead
That's different from "characters" that are not in an English dictionary. The poster clearly meant "character strings".
Yes, I apologize, my post needed a good 'once over'
Hartmann is offline  
Old Mar 25, 2008 | 10:07 pm
  #43  
 
Join Date: May 2005
Location: various cities in the USofA: NYC, BWI, IAH, ORD, CVG, NYC
Programs: Former UA 1K, National Exec. Elite
Posts: 5,487
Originally Posted by rlbmorton
yes when I noticed this I was extremely annoyed. I don't get why CO can't move away from the 4 digit pin code. I think it is the ONLY online service I use that has my credit card information that has such a flimsy security set up.
My old credit union used a 4-digit PIN for online logins (different from the ATM PIN).

Of course my current bank uses a 4-digit PIN for access to the account via ATMs and debit POSs. The ATM card itself is easily duplicated by a waiter, etc. (though I don't use the debit card as a credit card), so a lot of the security rests solely on that 4-digit number.

This is a much bigger deal than CO's online stuff, which is limited to buying airline tickets and related services, for which you need to be physically present, making such theft risky.
ralfp is offline  
Old Mar 26, 2008 | 9:38 am
  #44  
FlyerTalk Evangelist
All eyes on you!
 
Join Date: Jan 2006
Location: A menace to everything in the sky. Yes. Even birds.
Programs: Eh+ Rapid Rolleyes
Posts: 14,522
Originally Posted by texd
Of course he may have been squirting them with baby powder and then pulling out some scotch tape just to make me feel better.
As someone who spends an unhealthy amount of time socializing with police officers, I can safely say that this officer was either:

1) New
2) Getting overtime
3) Bored out of their mind
4) Amusing you
5) Following procedure to the absolute letter.

A B+E arrest is a good one to get. Until the judge laughs at you.





(The answer was most likely 2 with a healthy dose of 5 mixed in.)
belynch is offline  

