Login Requirements for delta.com: Sometimes You Have To Use Last Name, Sometimes You Don't

Delta Air Lines operates their main website at https://www.delta.com. To the best of my recollection, for a long time the only way to log in to delta.com (and before that, delta-air.com) was using a SkyMiles number and its corresponding 4-digit PIN (so you used SkyMiles number + 4-digit PIN). At a certain point, this changed such that the corresponding last name was also required (so you used SkyMiles number + 4-digit PIN + last name); presumably the reason for the change is that it was determined SkyMiles number + 4-digit PIN is too easy to crack using brute force methods and so it made sense in that situation to require providing also another piece of identification information. So that's all good.

But now using a 4-digit PIN to log in has been eliminated completely; a password now must always be used when logging in. In addition, email address and user name have been added as alternatives to SkyMiles number for use when logging in. But what's strange is that while last name is not required when logging in with SkyMiles, last name is required when logging in using the 2 alternatives to SkyMiles number (so you can use SkyMiles number + password or you can use user name + password + last name or you can use email address + password + last name).

I don't understand this: this implies that there is less security when using a user name or email address than there is when using a SkyMiles number and I feel that if anything, the opposite is true since a valid SkyMiles number is by definition easier to guess given that there are only 10,000,000,000 possible valid SkyMiles numbers whereas there are an infinite number of possible valid user names and email addresses.

Of course, a legitimate concern is that an attacker wouldn't be guessing but rather would be using information he/she knew: an attacker may acquire information from another source (website, database, etc.) and that information may work as credential information on delta.com (users commonly reuse passwords on multiple websites). It seems that Delta can envision a situation where an attacker could gain access to user name/email address + password and not gain access to last name yet Delta cannot envision a situation where an attacker could gain access to SkyMiles number + password and not gain access to last name (if they could envision this latter scenario, they would surely require last name as a means of thwarting attackers, just as they do as a means of thwarting attackers in the former scenario).

I suspect they are correct that the former scenario is more likely but the latter scenario is at least possible and since they're already asking for last name with a user name/email address and since SkyMiles number is by definition easier to guess than user name/email address, I just don't understand why, if they're ever going to ask for last name, they don't consistently ask for it. I'm loath to call it arbitrary but it's certainly at the very least difficult logic to follow.

My Savings War

I'm fighting a war on "savings." Not savings the concept, but "savings" the word: I'm fighting to get it back, back from all the marketing and advertising people who have stolen it from us.

Raise your hand if you believe that saving and savings are good. Now wave at everyone who is looking at you and wondering why you raised your hand while reading from your computer (or mobile device or whatever you're using). You may look silly with your hand raised, but the point here is that everyone believes that saving and savings are good and so if everyone else reading this participated as well as you, you wouldn't be the only one looking silly right now.

Now, raise your hand if you believe that you can save money when buying things, like perhaps due to a sale a store is having. If you're again looking silly with your hand raised, this time I'm hoping you're not in good company. But take heart: untold amounts of money have been spent by marketers and advertisers who want you to believe that you can save money when buying things. Unfortunately, this leaves you...wait for it...looking silly.

Here's the deal: we have all been taught that saving and savings are good things; these are values that are instilled in us. And saving and savings--real saving and real savings--are good things! Now, let's talk about spending: no, the point isn't that spending is, by contrast with saving, bad. Spending is necessary, at least for the vast majority of us. What spending always is, however, is the complete opposite of saving! So: if you go into a store and come out with stuff, you have spent money and you have not saved money. What's wrong with that? In and of itself, nothing: as I said, spending is necessary. But what's good about spending? Well, when you're buying things you need, that's a good thing (or at least, if you're able to afford the necessities of your life, that's a good thing). But...well, the truth for many of us is that we don't actually need most of what we buy. Now, we all know that marketers and advertisers work to convince us that we need things we really don't need and they're good at this. But there's always something there we can argue against. So you know what an even better strategy for them is? Divert our attention away from that issue and instead focus on something we all believe in: saving money! So that's exactly what they do: they tell us how much we can "save" by buying from them during whatever sales promotion it is they're doing. And we get all excited because we get what we want (whatever they're selling) and we get to "save" (which we value). It's subtle--and brilliant.

It's brilliant because it works. And it works so well that they've managed to steal "savings" from us and completely redefine it. Take a look at the last paragraph of this ABC News article and you'll see an example (I tried to post a comment about this subject to this article but I guess it wasn't approved; well, fine: I'll just include a link to their article here in my blog post instead).

You may think how we define "savings" is mere semantics and a trivial issue but it's not: because of the fact that we value savings, it's psychologically important for us to define it properly. So let's take "savings" back--and let's use it to refer to holding onto our money, not spending it.

Movie Review: "Eagle Eye"

I've never written a movie review before. And I may well never write another. But I saw "Eagle Eye" at one of those pre-screenings on Wednesday night and as such I saw it before most everyone else so I thought I'd take a minute here to let you know what I thought about it in the hopes it might be informative to you.

Now, my goal here isn't to be objective or to evaluate the movie on any particular set of criteria--I'm simply going to tell you my thoughts. Note that I cannot be held responsible for any irreparable damage this may cause. ;P

Here's the thing about this movie: the villain is a computer. Specifically, the antagonist is a computer that has become too smart for its own good and is now trying to do things that the humans in the movie consider to be nefarious. These include wearing white shoes after Labor Day, swimming immediately after eating, and killing people. Silly computer--tricks are for kids! Okay, so the computer doesn't have feet on which to wear shoes and it doesn't appear to have any interest in either eating or swimming, but it sure ain't kidding around on that whole killing people thing!

Let me say this: I like Terminator as much as the next guy. But that's set way in the future. And that machine at least acts like a dude. The computer in Eagle Eye, on the other hand, isn't all that different from the computers we're all used to, only except this one is ginormous, has these befuddling infrared innards which Hollywood apparently thinks will impress people with their complexity, and oh yeah--is trying to kill people (and I don't want to hear about how your computer seems to be trying to ruin your life by crashing at all the wrong times--it's not the same thing). The computer in Eagle Eye isn't at all like a dude--it does talk, but it has no face, no body, and it can't move around under its own power. Actually, it does have a bit of a thing for car chases so maybe it's a little like a dude after all.

So anyway, much as I like Terminator, I don't like movies set in the present day where the main difference between our actual world and the world depicted in the movie is that in the movie there's a crazed computer bent on destruction. Eh, I suppose that if the crazed computer were some minor plot line, I could hang with it if the rest of the movie were interesting, but when the crazed computer is core to the entire story of the movie, I'm pretty much done. Because I was with my girlfriend and I simply don't like giving up on things, I hung in there with Eagle Eye for a bit after it became clear that the villain was a computer. But the film is so predictable that there wasn't anything even interesting to keep my attention, and so it got to the point where I just couldn't wait for it to end. To the film's credit, it at least didn't drag things out.

If you like movies where the antagonist is a computer, have at it. But if you're like me and such movies aren't your thing, skip this one. And remember, computers don't kill people, people kill people. Or something.

Bad Marketing, Part 1

I find myself regularly surprised at some of the downright confounding marketing decisions I see made out there. Now, I'm a detail-oriented person so I sometimes catch things that most people wouldn't, but some of these things are glaring. Everyone makes mistakes, but when it's something like a TV commercial, I would think that there would be multiple content reviewers to prevent those mistakes from making it out into the wild. Yet today, I heard this in a commercial:

Don't shop around, call [offending company] first.

So much for content reviewers! Maybe it's just me, but the first thing I thought was "why are they telling me not to shop around?" Well, actually the first thing I thought was how arrogant it is that they would presume to tell me what to do, but once I moved past that I was left with the aforementioned question, to which I could only conclude that they have something to hide. Now, maybe they do have something to hide and maybe they don't--it doesn't really matter because at this point they have put the seed of doubt in my mind and I don't trust them. And that's what I call Bad Marketing.

Thinking in the shower

Are you one of those people who does some of his/her best thinking in the shower? I am. And for longer than I can remember, every now and then, I've had a thought to which my response was "hey--I need to put up a blog so I can post about that." Today's thought? "I have a blog now--I can post that!" Of course, now I can't remember what any of those other thoughts were. ;)

Is this thing on?!?

Or maybe I should call it "hello world." No--I'll opt for the DJ reference over the geek reference.

But in any event, yes, indeed--this thing is on. And so okay, fine: hello, world. I hope you're happy now.

Oh, and one more thing: no, right now it ain't pretty. Hey--for now let's just be satisfied that it's there at all!

