My SPG Account Got Hacked
#46
 
Join Date: Nov 2000
Location: Upcountry Maui, HI
Posts: 13,299
@David, On 29th Nov when I tried to change the password the maximum that I was able to use was 14 characters. I was issue Chrome, not sure if that's the maximum allowed now or its limited to chrome. I did not bother to check that. Also I had the same issue with American Express which did not allow more than 8 character until very recently.
I know 16 didn't work for me, but 12 did.
12 or even 14 character passwords are not considered to be very strong these days. It doesn't matter if you use a password manager like roboform, 1password or last pass (all good products) if the site limits you to short combinations of characters. The password managers help by allowing you to create random combinations of characters that should be different for every site, but they can't overcome the site's limitations of only allowing limited/short passwords with restrictions on using special characters. But it is good advice to remind people to use a password manager and different passwords for each site to help minimize the risk when one site is compromised.
-David
Last edited by LIH Prem; Dec 9, 2013 at 11:18 pm
#47
Join Date: May 2012
Location: SIN
Programs: JL GC | Marriott LT Silver | Global Entry | SQ Silver
Posts: 6,818
As for the 2FA, maybe SPG can comeup with a security token like how it's used for internet online banking. Or a mobile app that generates the 2FA (Blizzard Entertainment did this for their accounts portal).
#48
Join Date: Feb 2009
Location: LAX
Programs: HH Diamond, SPG Gold, Marriott Elite Gold
Posts: 1,032
I'm confused. I thought you could only convert your SPG points into a FF account in your name.
#49
Join Date: Apr 2009
Location: SMF
Posts: 1,261
One program that I use to monitor my accounts (I have 19) is Award Wallet. It will show you very quickly whether or not your points have changed and it also tracks expiration dates. I updated early one Sunday and all of my Hilton points disappeared - I quickly found out (by reading FT threads) that this was very common with Hilton; don't know if they've fixed the glitch yet but my points showed up a few hours later.
Here's a link if you decide to go with Award Wallet that will allow you a free service upgrade: http://AwardWallet.com/?refCode=wqraisoqvf
I'm not trying to spam; you can find an Award Wallet upgrade conga line in the S.P.A.M. subforum if you prefer.
Here's a link if you decide to go with Award Wallet that will allow you a free service upgrade: http://AwardWallet.com/?refCode=wqraisoqvf
I'm not trying to spam; you can find an Award Wallet upgrade conga line in the S.P.A.M. subforum if you prefer.
#50
Join Date: Jan 2012
Posts: 113
http://money.cnn.com/2013/12/04/tech...swords-stolen/
Jut found out that my adobe account had been compromised via this site... http://haveibeenpwned.com/
Jut found out that my adobe account had been compromised via this site... http://haveibeenpwned.com/
#51
Join Date: Feb 2013
Location: Miami, FL
Programs: UA 1MM, AA Plat Pro, Marriott LT Titanium, Hyatt Glob, IHG ♢ Amb, Hilton ♢, Hertz Pres
Posts: 6,008
If you want to see how strong your password is - use this http://www.howsecureismypassword.net/
My Lastpass password is 344,000 years. Safe enough for me
My Lastpass password is 344,000 years. Safe enough for me
#52
 
Join Date: Nov 2000
Location: Upcountry Maui, HI
Posts: 13,299
I've thought about using AwardWallet.com but, wow, if its accounts ever got hacked into, multiple airline miles accounts would be compromised. There's one other, er, what is it: Points.com? I think that outfit wanted passwords for every account, no? Are you kidding? Give passwords out so another company can conveniently track them? Geesh, I'm reticent to confide my passwords with others.
From what I've read from security experts, 12-14 random mixed case characters using numbers, letters and symbols (not based on dictionary or other easy to remember phrases) is the current minimum recommended password length. And in 6 months that will change, I'm sure. And don't use the same password on more than one site.
-David
Last edited by LIH Prem; Dec 10, 2013 at 1:47 am
#53
FlyerTalk Evangelist
Join Date: Apr 2009
Location: India
Programs: Bonvoy Lifetime Titanium, IHG Plat, HH Gold, Trident Plat, DL Diamond, AI Maharajah
Posts: 29,598
on the 28th of november i received an email from spg as well informing me that my mailing address had been updated....i quickly logged onto my spg account & the mailing address was the same as it had been before....no change at all....either way, i didn't want to take a chance so i changed my password....
#54
Join Date: Jul 2001
Programs: Marriott LT Tit; Hyatt Explorist; Hilton CC Gold; IHG CC Plt; Hertz (MR) 5 star
Posts: 5,536
I've thought about using AwardWallet.com but, wow, if its accounts ever got hacked into, multiple airline miles accounts would be compromised. There's one other, er, what is it: Points.com? I think that outfit wanted passwords for every account, no? Are you kidding? Give passwords out so another company can conveniently track them? Geesh, I'm reticent to confide my passwords with others.
#55
A FlyerTalk Posting Legend
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 100,327
on the 28th of november i received an email from spg as well informing me that my mailing address had been updated....i quickly logged onto my spg account & the mailing address was the same as it had been before....no change at all....either way, i didn't want to take a chance so i changed my password....
#56
FlyerTalk Evangelist
Join Date: Apr 2009
Location: India
Programs: Bonvoy Lifetime Titanium, IHG Plat, HH Gold, Trident Plat, DL Diamond, AI Maharajah
Posts: 29,598
#57
Join Date: Sep 2006
Location: IAD
Programs: Marriott- Platinum, IHG - Platinum, Hyatt - Globalist, CC - Gold, Hilton - Diamond, BW - Platinum S
Posts: 256
deleted
#58
Suspended
Join Date: Jun 2012
Location: 048′24″N 17636′59″W
Programs: Taiwan is a country.
Posts: 1,206
OMG.. they're points people. I HATE I have to use the fob thingy for banking..
#59
Moderator: British Airways Executive Club, Marriott Bonvoy
Join Date: May 2006
Location: Englandshire
Programs: SPG LT Plat, BA G, BD*LG, MG Blue+ ...
Posts: 15,957
For the folks affected by these recent hacking events, was your login password the same as, or different from, the 'verbal password' that you give when making a phone transaction ?
#60
Join Date: Mar 2007
Posts: 3,990
Cheers,