Login Requirements for delta.com: Sometimes You Have To Use Last Name, Sometimes You Don't

Delta Air Lines operates their main website at https://www.delta.com. To the best of my recollection, for a long time the only way to login to delta.com (and before that, delta-air.com) was using a SkyMiles number and its corresponding 4-digit PIN (so you used SkyMiles number + 4-digit PIN). At a certain point, this changed such that the corresponding last name was also required (so you used SkyMiles number + 4-digit PIN + last name); presumably the reason for the change is that it was determined SkyMiles number + 4-digit PIN is too easy to crack using brute force methods and so it made sense in that situation to require providing also another piece of identification information. So that's all good.

But now using a 4-digit PIN to login has been eliminated completely; a password now must always be used when logging in. In addition, email address and user name have been added as alternatives to SkyMiles number for use when logging in. But what's strange is that while last name is not required when logging in with SkyMiles, last name is required when logging in using the 2 alternatives to SkyMiles number (so you can use SkyMiles number + password or you can use user name + password + last name or you can use email address + password + last name). I don't understand this: this implies that there is less security when using a user name or email address than there is when using a SkyMiles number and I feel that if anything, the opposite is true since a valid SkyMiles number is by definition easier to guess given that there are only 10,000,000,000 possible valid SkyMiles numbers whereas there are an infinite number of possible valid user names and email addresses. Of course, a legitimate concern is that an attacker wouldn't be guessing but rather would be using information he/she knew: an attacker may acquire information from another source (website, database, etc.) and that information may work as credential information on delta.com (users commonly reuse passwords on multiple websites). It seems that Delta can envision a situation where an attacker could gain access to user name/email address + password and not gain access to last name yet Delta cannot envision a situation where an attacker could gain access to SkyMiles number + password and not gain access to last name (if they could envision this latter scenario, they would surely require last name as a means of thwarting attackers, just as they do as a means of thwarting attackers in the former scenario). I suspect they are correct that the former scenario is more likely but the latter scenario is at least possible and since they're already asking for last name with a user name/email address and since SkyMiles number is by definition easier to guess than user name/email address, I just don't understand why, if they're ever going to ask for last name, they don't consistently ask for it. I'm loathe to call it arbitrary but it's certainly at the very least difficult logic to follow.

Super Shuttle Interferes with MiFi

I just had the weirdest experience: my devices connected fine to my Verizon 4G LTE MiFi hotspot immediately before and then also immediately after my ride in a Super Shuttle but during the time I was in the Super Shuttle none of the devices (and I tried 3) would connect to the hotspot. The WiFi network of the hotspot was still there and detected by the devices and upon choosing to connect, I would be prompted for the WiFi password but after entering it, I would get a connection timeout. So strange. What in a Super Shuttle could cause that?!? I should have done a WiFi analysis--that was a missed opportunity! I have previously experienced where in a WiFi-heavy area the hotspot simply did not broadcast an SSID. I later searched for information on this issue and found others have experienced it as well (see https://community.verizonwireless.com/thread/666385) and they, like me, consider it a bug that needs to be fixed but in the meantime, the workaround is to set the device to use a specific channel, which I did. Maybe that channel was overwhelmed or something. Is that possible? Is there a circumstance around that issue where I'd be able to see the WiFi network but not connect to it?

Anyway, if you too hit this issue, know that you're not alone. And if you have any thoughts as to how to deal with it, let me know. Fortunately, I have no plans to ride in Super Shuttle again any time soon. But avoiding Super Shuttle in and of itself is all well and good--but there's nothing that says that this issue couldn't crop up somewhere else too, which is why I'd sure love to get to the bottom of it.

Hang/Hook/Hold/Stick/Mount Portable Hard Drive to Laptop/Notebook Lid/Top/Case with Suction Cup

Eh...sorry if the title of this post is a little hard to read--it's because I really want others to be able to find this info when they do an Internet search 'cause I sure couldn't find any info about anything like this!

I wanted a way to hang/hook/hold/stick/mount/something! my portable hard drive onto the back of my MacBook Pro's lid/top/case/display/whatever. I wanted something that I could attach and remove quickly and easily and that, when removed, wouldn't leave any traces of its presence on the laptop (so no modifications of any type to the laptop). I was more open to modifying the portable hard drive case, but I wasn't wild about that. Really, that left me only 2 options: suction and hanging hooks--and what I discovered is that the best approach is a combination of both: suction for the portable hard drive and a hook to hang it all from the laptop lid. :) I found a wreath hook at Jo-Ann that is perfect! Check it out:

Bye Bye Clear!

Wow: Clear, operator of registered traveler lines in many airports around the country, has ceased operations. For more (what little there is) visit http://www.flyclear.com.

I liked Clear and I'm disappointed it has shut down. There are numerous new stories about the shut down and most of them indicate that the Clear lines were idle much of the time. When you're using them, they are, by virtue of your usage, not idle--but still, thinking back on it now, there were times when I was the only person going through.

So why were the Clear lanes idle so much of the time? Because their value proposition wasn't clear (pun intended; ha ha!) for enough people. As mentioned in an Atlanta Business Chronicle article the wait time at the "regular" lanes here in Atlanta is rarely more than 10 minutes; I didn't note any other statistics for other airports in any of the other articles I read, but many of them did mention in general terms that security wait times are generally modest these days. And, as numerous of the news articles indicate, the Clear security screening process itself is no easier or quicker than the regular security screening process--rather it is the same process as in all other security lines. So if you aren't saving hassle with the actual security screening and you aren't saving significant waiting time, what are you really getting from Clear? It seems most people answered that question with one word: "nothing." Hence, even a clear (I can't help myself!) path through the Clear lines wasn't good enough to attract new customers. And I'm sure that as they looked to prospects for the future, what they saw is that the worst part was that if they had somehow been able to grow, the reality is that they would have only been able to handle a certain amount of growth (at least without expanded capacity) before they'd actually have found themselves in a situation where their wait times frequently exceeded those of the regular lanes!

So with this all being the case, why was I a Clear member? Well, when I joined last year, regular security lines were generally longer than they are now. Why has this changed? Since that time, the economy has weakened and less people are flying, and at some airports like Hartsfield-Jackson Atlanta International Airport, additional regular security lanes have been added, plus it seems that people are moving through security faster than they did last year (I'm not entirely sure if this is true or if it is, why it is, but kudos to TSA for any role they've had in the matter). But regardless of the reasons for the reduced wait times in the regular lines, I was contemplating not renewing at the end of my current membership period as a result of those reduced wait times. And you may find it surprising to find that I was actually leaning towards renewing. Why? Because even if Clear didn't provide actual speed advantages over the regular lanes, it did provide certainty of speed. That is to say, it provided a certainty that you'd get through security fast. So now the position I'm in is that when I go to the airport on Wednesday morning, I'm probably going to get through security quickly--but since I no longer can rely on that, I'm going to have to arrive earlier than I would have if I were able to use Clear--and the worst part is that I'll still be at greater risk of missing my flight! And that, my friends, is why I will miss Clear.

P.S. Although Clear ceasing operations rips off any existing Clear member, the good news for me is that although I had a bit more than 5 months of membership left on my term, I did still get much of the expected value out of my Clear membership: I purchased a 1-year membership in March of 2008 and had gotten additional bonus time from a pre-Atlanta-Clear-lanes opening special and from others using my Clear referral code. But surely there are some people who only recently had paid for Clear memberships; such people were supremely ripped off. But it pales in comparison to the investors who lost millions, right? Well, if Clear intentionally deceived those investors then yes--but otherwise, those investors simply invested in a company which just didn't pan out, they weren't ripped off like we Clear members were.

P.P.S. On a slightly related note: once, during the course of normal use of the Clear website (that is to say, not during a web application security penetration test), I stumbled upon a web application security vulnerability through which an attacker could have harvested Clear customer email addresses (to be clear, the attacker would only have been able to do this harvesting of email addresses one by one, not en masse; as for other details, well, as Forrest says, that's all I have to say about that). I always was amused by the irony of a company which went to great lengths to keep personal data safe having such a hole on their website! And I always wondered when Clear would discover the hole and patch it (but that certainly appears to be a moot point now!). I believe a good web application security assessment would have revealed this vulnerability and so I therefore find it doubtful that Clear authorized such an assessment. But regardless, this vulnerability just goes to show that even companies like Clear are not sufficiently adept at precluding unauthorized access to customer data. Feel free to shudder.

Heading to Estonia!

I'm heading out today on a short-term mission trip to Estonia! You can read more about it at http://www.estoniax.com/josh and you can follow our team's blog (hosted by my good friends at FusionLink and running on Mango Blog) at http://blog.estoniax.com. But don't worry--I'll be back to Atlanta in time for the ColdFusion 9 + Flex 4 User Group Tour meeting with Ben Forta!

Book One-Way Airline Tickets Instead of Multi-Destination Tickets

Okay, this one is way off-topic in relation to what I usually blog about, but I fully believe it's going to prevent someone who reads it from making the same mistake I made. Specifically, I believe it is going to prevent someone from booking a multi-destination ticket in the situation where, for the very same total price, that person could instead book each leg of the journey separately.

So why is it a mistake to book a multi-leg itinerary instead of booking separate one-ways, if the cost of the two is the same? I'll get to that in just a moment, but before I do you should know that in the majority of cases I have seen for the last many years, at least in regards to travel within the United States, both types of booking do in fact cost the same. That could vary from market to market, but in my experience, market is not generally a concern.

Okay, so let's talk about why you always want to go with booking your flights separately, so long as it doesn't cost you any more than booking them as a multi-leg trip (actually, after you read this post, you might decide it is even worth paying a little bit more in some situations): because it gives you more flexibility to alter your travel without incurring airline change fees. And if you haven't tasted any of the change fees being charged by airlines these days, let me just tell you that they taste very, very bitter and you very, very much want to avoid incurring them. I believe that most airlines are now charging $150 for any change.

Here's the deal: if you change a particular flight on an itinerary, the effect is that every flight from that point onward on the ticket has to change too. That doesn't mean you have to make any changes to any other flights, it just means that they get priced as if they were changed. And that means that if those flights have become more expensive, you have to pay the difference between what you paid and what the new rate is. So to be clear, even if you aren't changing any subsequent flights, they "act" as if they are being changed and the price for them gets recalculated and you pay the difference between the new price and what you paid.

So you should already see where it benefits you to book separate flights: if you change a one-way flight, there are no subsequent flights so you won't have to pay any fare increases that affect flights you don't actually want to change. So if you book an outbound flight and a separate return flight and then you change the outbound flight, while you'll have to pay $150 plus any fare increase for changing that outbound flight, you won't get stuck paying any fare increase for the return flight.

To make this perfectly clear, let's consider a simple example: you pay $300 for an outbound flight and separately you pay $200 for a return flight. Then you need to make a change to your outbound flight. Unfortunately, the fare for the new flight is $350; you now have to pay the additional $50 that this new flight costs over what you paid. In addition, you have to pay $150 to make the change. Ugh. You're out $200! But what if you'd booked a round-trip? The answer is that, best-case scenario, you'd be out the same $200 because of the same fees; worst-case scenario you'd be out not only that $200 but also much more because you would also have to pay any fare increases affecting the return flight: let's say that instead of $200, that same flight now costs $250; you'd have to pay the $50 that the return flight--the same return flight, mind you--costs over what you paid for it previously. This is an absolutely ridiculous policy, by the way. But it is in fact the policy.

Ah, but it gets worse: there's another policy that says that if you don't take a flight on a ticket, all other flights on that itinerary are cancelled (you get to keep their value, minus that same hefty change fee, but you can't actually fly them as scheduled). Why does this matter? Because in the world of $150 change fees, sometimes it makes the most sense to simply bail on a scheduled flight and book a new one. Think about it: if it costs you $150 to change a flight then so long as you can buy a replacement flight for less than $150, aren't you better off buying the replacement flight and simply not taking the existing flight? Of course you are. And with multiple one-way tickets, you have the flexibility to do that in all cases; with multi-leg trips, you can only do it where it won't be a negative impact to cancel all remaining flights on the ticket (so for instance, for the last flight on a ticket). By the way, the fact that you can't take a flight in an itinerary simply because you missed other flights in that itinerary is yet another ridiculous policy, but here again, it is in fact the policy.

So another example: let's say you pay $100 for an outbound flight and $200 for a return flight then you need to make a change to your outbound flight. Good news: the new flight also costs $100; you won't have to pay an increased fare. But should you change that outbound flight? No way! You should simply skip it and book the new flight you want for $100! Why pay $150 when for $100 you can achieve the same desired result (which is a ticket on the new flight you want)? But of course, if you have other flights on that ticket (that is, if you booked a multi-leg instead of multiple separate one-ways), you can't do that because they won't let you get on any flight on an itinerary on which you have missed a preceding flight. That means that if you really want to make the change, you have to pay the $150 change fee--but remember, you also have to pay an additional increase in the fare of your return flight, even if you don't change your return flight in any way. So, let's say that return flight is now $275 instead of $200; you have to pay not only the $150 change fee, you also have to pay the $75 by which the return fare has increased. That means you're coming out paying $225 additional--and this to change a ticket that originally cost you only $300! But if you'd booked separate tickets, you'd have paid only $100 because you'd have simply bailed on your original outbound ticket and bought a new outbound ticket.

I'm actually in very much this situation right now: if I had separate tickets for an upcoming trip, I could bail on the outbound ticket and buy the flight I actually want for $105, but if I change the round-trip ticket I have it will cost me $235. It actually would cost me less money, a total of $210 for a $25 savings, to go ahead and take my original flight then immediately take the first flight back home--and the logistics of doing that actually would work out for me. Now, you may say "don't be crazy--spend the $25 extra and save yourself the hassle of the travel. And it's a valid point because while I, like everyone, would rather get something for my money, in this case I don't need it and it's actually more of a hassle to use it than it is to not use it. Ah, but by using it, there is something I would get: miles. And those miles, coming as they would at the beginning of the year (a.k.a. the point at which earning miles for elite status resets), could months down the line be just what I need to achieve the next level of elite status (and at the very least, they would get added to my total available for redemption for award travel).

So in summary, there are two places where in making changes to airline tickets you can get zinged by having bought a multi-leg ticket instead of multiple separate one-way tickets:

  1. In having to pay the change fee where you would like instead to replace a flight in the itinerary with one costing less than the change fee, but where such a replacement would mean that subsequent flights in the itinerary that you do not want to change and do want to take would be automatically cancelled when you missed your originally scheduled flight.
  2. In having to pay for the increased fare of flights for which you are not actually making any changes, simply because these flights have their fares recalculated every time a change is made to any preceding flight.

So...book multiple one-ways instead of multi-legs. Enjoy the flexibility!

QED.

I do want to make it explicitly clear that it is only in the case where you want to change a flight in an itinerary that has subsequent flights you do not want to change where it is to your advantage to have booked those flights separately rather than as part of a single ticket; in cases where you only want to change the final flight on an itinerary, it makes no difference whether that flight is a one-way or part of a multi-leg. The reason is that effectively, the final flight for an itinerary is a one-way: changes to it don't cause you to be subject to paying the fare increases of subsequent flights because there are no subsequent flights and if you bail on it, there are no ramifications in regards to the automatic cancellation of subsequent flights because again, there are no subsequent flights. Now, if you need to change multiple flights on the same itinerary, you may well be better off if you bought all of those flights as part of the same ticket because you will only be charged a single change fee to change them whereas if they were on separate tickets, you would be charged a change fee for each ticket. However, I think it is a lot more common that you need to change only a single flight than it is that you need to change more than one flight on an itinerary so I believe that it will more often benefit you to book each leg of a journey separately than it will to book those legs together.

BlogCFC was created by Raymond Camden. This blog is running version 5.9.002. Contact Blog Owner