FFPs Whose Employees Can See Your Passwords Master Thread.
#1
Original Poster
FlyerTalk Evangelist



Join Date: Mar 2006
Location: DFW
Programs: AA 1M
Posts: 31,939
I feel very uncomfortable using my regular password in FFPs whose employees can see my passwords. They usually ask for it to verify your identity. So I'm thinking of a master thread where all such FFPs can be listed.
BA
UA
SPG
HHonor
VS
Anything else?
Last edited by UA Fan; Jun 7, 2012 at 8:00 am
#2
Join Date: Apr 2012
Posts: 2
You should generally not use the same password more than once (on accounts you really care about) - it's bad practice. I say this because - very frequently - databases are "hacked" and entire password databases stolen. In addition, to make the situation worse, sometimes these are not properly secured (or not even encrypted at all) - some are intentionally insecure. Even more frightening is the fact that such events are not always detected - and if they are they are not always reported to the public.
You are smart to be concerned about this - however I'd encourage not having a regular password for the reasons above. Having a password that is hard to crack (i.e. 'high-entropy') is also advisable.
#4




Join Date: Jul 2011
Location: North America
Posts: 2,273
Create a password-protected file, save it on a flash-drive, password protect the flash-drive. The file can contain passwords in code...let's say for BA...you can write BriAdios...naturally you know what the heck that means, but others probably won't. That's one suggestion. I guess you can do the same with a diary.
Or have sharp memory like me and hope you will remember them all forever
#5




Join Date: Jun 2007
Programs: UA, AA, LH, Hyatt, Hilton, Marriott, Hertz
Posts: 1,762
Create a password-protected file, save it on a flash-drive, password protect the flash-drive. The file can contain passwords in code...let's say for BA...you can write BriAdios...naturally you know what the heck that means, but others probably won't. That's one suggestion. I guess you can do the same with a diary.
Or have sharp memory like me and hope you will remember them all forever 

Seriously though, OP is right to use different passwords for their FF accounts and try to avoid common usernames - use FF numbers instead as they are all different.
#6
Join Date: Nov 2006
Programs: UA nothing (former multi-year CO Platinum), AA 1M Gold, HH Diamond, National Executive
Posts: 449
I carry an Excel file in the encrypted memory of my BlackBerry. I use the same relatively easy password for many accounts that carry little risk if hacked into. For more important things I use more complex passwords.
Never, ever use your email password for any other purpose since it is usually a common thread to everything else. For example, if somebody hacks into a web merchant account and gets your email address, it would be very bad if that website password allowed them to log into your email account as well. Then they could do a lot of damage.
#7
Join Date: Apr 2012
Posts: 20
Ideally you should have a different password for every account.
Impossible to remember, of course - so now you need a password database. The danger in assembling your (different) passwords in a database is much lower than that of password re-use.
There are a number of good databases out there, from roll-your-own (Excel) to commercial and privately hosted, to web accessible. I'm a HUGE fan of LastPass ( https://lastpass.com )
The $0.00 edition is cross-platform, cross-browser, and dead simple to use. If you want access to all of your passwords on your tablet/smartphone, there's an additional one-time fee. Life got much easier for me when I started using LastPass.
#8
Join Date: Oct 2010
Location: Santa Barbara, CA
Posts: 1,277
I use 1password from http://www.agilebits.com/. Love it, can't imagine ever going back to not using a password manager. It lets me auto-generate secure passwords, stores the encrypted password file on dropbox so I can access it from my desktop and laptop, and has browser plugins. I just have to remember one master password.
It also lets you store identities, credit cards, and software license keys and will auto-populate the first two on web forms (though it's a bit buggy sometimes filling in the right fields).
Use coupon code ExtraSpecial for 25% off.
#9




Join Date: May 2011
Posts: 669
Never, ever use your email password for any other purpose since it is usually a common thread to everything else. For example, if somebody hacks into a web merchant account and gets your email address, it would be very bad if that website password allowed them to log into your email account as well. Then they could do a lot of damage.
My personal strategy is to have a financial password, then another password I use for other sites (non-critical), and finally my email password. It's not at all ideal but it's better than using the same password for everything.
The problem with using one of the solutions like 1password is if you are using a variety of random computers (say you are travelling) or you use computers you can't install software onto. Then it just becomes a huge hassle.
#10
Join Date: Oct 2010
Location: Santa Barbara, CA
Posts: 1,277
This is very important as most websites use your email to verify your identity for password resets.
My personal strategy is to have a financial password, then another password I use for other sites (non-critical), and finally my email password. It's not at all ideal but it's better than using the same password for everything.
The problem with using one of the solutions like 1password is if you are using a variety of random computers (say you are travelling) or you use computers you can't install software onto. Then it just becomes a huge hassle.

One other tip is to not give real answers to the "security" questions to recover your password. Your mother's maiden name or the make of your first car aren't exactly secure pieces of information. Make up random stuff, save the answers in your password manager or elsewhere, so you can look them up when needed. Again, not using the same answer for each service would be a good idea, too.
#13
Join Date: Oct 2010
Location: Santa Barbara, CA
Posts: 1,277
Is it possible that they can't actually see your password, but type it in when you give it to them and it verifies it? That would make more sense to me, but who knows.
In any case, all my passwords look something like this: A3cfPk6LxafJ
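
The possibility raised in post #13, sketched as an added example that is not part of the thread or any airline's actual system: a service that stores only a salted PBKDF2 digest can let an agent confirm a spoken password without the stored record ever showing it. The function names, the `ITERATIONS` value and the record layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import string

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def enroll(password: str) -> dict:
    """Record kept at sign-up: random salt plus derived digest, no password."""
    salt = secrets.token_bytes(16)
    return {"salt": salt.hex(), "digest": _derive(password, salt).hex()}

def agent_check(record: dict, typed: str) -> bool:
    """Agent types what the caller said; the tool answers only match / no match."""
    candidate = _derive(typed, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(candidate, bytes.fromhex(record["digest"]))

def record_reveals(record: dict, password: str) -> bool:
    """True if anyone who can read the record can read the password."""
    return any(password in str(v) for v in record.values())

def random_password(length: int = 12) -> str:
    """Random letters and digits, like the 12-character sample in the post."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    pw = random_password()
    hashed = enroll(pw)
    plaintext = {"password": pw}  # constructed: how a plaintext-storing site looks
    print("hashed record   :", hashed)
    print("agent check ok  :", agent_check(hashed, pw))
    print("agent check typo:", agent_check(hashed, pw + "x"))
    print("hashed reveals  :", record_reveals(hashed, pw))
    print("plain reveals   :", record_reveals(plaintext, pw))
```

Even with this design the agent hears the password once the caller says it aloud, so a unique password per program still limits what that disclosure is worth.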



