In the technologically advanced and fast-paced world of today, travel loyalty programs and the data that they’re able to store have allowed users to book travel within minutes from a mobile app, over the phone or over the internet. Passport data, credit card information, home address and email addresses all stored in one place for when you need to book a flight in an instant.
All we have to do is log-in to our accounts once on our personal computers and mobile phones and we’re kept logged in so that when we need to book a flight or hotel on the fly, it can be done in seconds. While this is convenient, as you can have all those information boxes auto-filled, it may also, one day, be used against us.
Despite all the important information stored on these accounts, they aren’t typically thought of as targets because of their seemingly low importance and most regular travelers only use them for travel booking purposes once in a while. However, with all the vital information kept in these accounts combined with the recent data breaches and constant threat of hacking, our travel loyalty programs are at high risk.
While we don’t often think about the security of these accounts, there’s one company that is. Dashlane is a digital security company that has been analyzing the security of various loyalty programs to determine their vulnerability. Dubbed the Travel Website Password Power Ranking, the company analyzes the strength of password requirements and ranks each travel company accordingly.
Shockingly, based on the 5 levels of criteria set by Dashlane, only 6 of the 55 travel companies analyzed met 4 out of 5 criterions. For example, the company would test whether simple passwords such as “password” or “12345” would be accepting. With most companies requiring an alphanumeric password or a symbol be added, simple passwords are a thing of the past, except for some travel companies.
At the very bottom of the list was Norwegian Cruise Line, the family-friendly cruise operator. The company scored a 0/5, meaning it didn’t meet a single criterion set by the company and was the only travel company to do so. This means that the password security requirements are less stringent and simpler passwords can be used instead of the more complex ones that our banks require.
Nearer the bottom of the list were major airlines such as American Airlines, Air Canada and Allegiant Air. American Airlines is a surprise here, having just been rated the world’s most valuable airline brand at $9.1 billion. Although the airline requires a last name when logging in to its AAdvantage program, the password security requirements are still lackadaisical.
The majority of the travel companies ranked fell into the average 3 out of 5 ranking. In this category, major airlines such as Delta Air Lines and Southwest Airlines were ranked, joined by ultra-low-cost airlines Frontier Airlines and Spirit Airlines. Hotel and car rental brands such as Alamo, Avis, Best Western and Hyatt also made this ranking.
Only 5 travel companies made the 4 out of 5 ranking. Hawaiian Airlines, Hilton, Marriott, Royal Caribbean and United Airlines were among the select few that achieved the second highest level of password security.
At the top of the list for more secure password practices was Airbnb, the home-sharing app used by travelers to rent rooms, apartments and homes for short periods of time. With most consumers already skeptical of the service due to its heavy interpersonal trust requirement, the password security of the company’s user accounts was likely to be high to earn the trust of new users.
While we may not think of our travel loyalty programs as gold mines for hackers, we do keep valuable information stored in them. Safety is all too often jeopardized for convenience and while we should divest all information from our travel accounts, we should, at least, withhold some information if the accounts aren’t secure enough to deter hackers or other nefarious entities.