A few days ago I was sitting in front of my computer and my brain was completely fried. I was simply unable to remember four of my passwords for various frequent flyer accounts.
During the recovery process for this data and the subsequent setup of new ones, I almost had a heart attack at how complicated these programs make it to set a simple password.
Now don’t get me wrong, I’m all for security, and I’m absolutely at fault here for forgetting it in the first place, but what Cathay Pacific Asia Miles required was simply out of control.
Your password must contain a minimum of 8 characters
Your password must contain at least 1 number
Your password must contain at least 1 upper-case letter
Your password must contain at least 1 special character chosen from ! # $ ^ and *
Who is supposed to remember stuff like this permanently? It consequently ends up being saved in some file, something I explicitly hate to do for the same reasons I don’t use services like Award Wallet (John wrote about their most recent data breach here).
A while ago Hyatt Gold Passport also prompted every customer to reset their password without prior warning. This required having a valid email on file in order to receive a reset link. Otherwise you’re SOL and can spend time on the phone.
If this trend continues, then at some point every brain will just overload. It is impossible to memorize crazy passwords like this Asia Miles one.
Conclusion
Don’t use the same password for every single account, but keep the number of passwords you use down to three or so, if possible. That way you won’t have an avalanche crashing onto you when one day you really need to try one or two different ones.
Despite all this I can still emphasize what a bad idea it is to use centralized databases for frequent flyer accounts. As soon as this database is compromised, the perpetrators will have a very easy time emptying your entire account in the worst case.