Password Issues





AA Passwords


AA has very strict password rules. Unfortunately, as many of us know, strict password rules do not translate into better security - in fact, in most cases they create a less secure environment. It is called “security theater” - that is, having the appearance of high security (does the TSA come to mind?). One rather bothersome rule that AA has forced upon us is the "90 day expiration" rule. Every 90 days your AA password will expire, and you cannot change your password to the same password – you must chose a completely different one. Security theater.


The National Institute of Standard and Technology (NIST) Special Publication 800-63-3, documents new Digital Identity Guidelines, including rules on how to keep passwords secure. Companies like AA get it all wrong when they require password changes even if the server hasn’t been broken into. NIST says that requiring capital letters, digits, special characters, or impose other “composition” requirements do not actually make a site more secure if the result is that users can’t easily remember their password.


Oh well...


Because a password is required for check-in, you must, must, must always keep your password in mind when scheduling Advance Check-In (ACI). ACI only knows your AA password at the time you schedule it (by the way, it is not stored anywhere online, nor does not save it after a check-in). If you schedule an ACI, and then later change your AA password to a different password you must cancel your ACI and reschedule it. Always.


An important thing to also keep in mind when changing your AA password: You may be tempted to use special characters because it makes it easier to remember, but don't. Even though AA says you can use special keyboard characters like !, %, $, &, /, \, etc., what they don't tell you is that some of their authentication protocols don't like them. Plus, anything done through a web browser is subject to web browser rules and anything transmitted through a web browser should be letters and numbers only.


Recycle Password


But there is a better way: the Recycle Password gofer. All our apps have a Recycle Password feature. What Recycle Password essentially does is this:

Of course, if you use Recycle Password every couple of months, that means you can keep the same password indefinitely. The caveat to Recycle Password: you must have a current, working AA password to recycle it. I cannot have expired, or "expiring in ___ days."


When Recycle Password is used, it displays an password expiration date in e.Halo/e.Halo Gofers/Halo so you can keep track of when you need to recycle your password again.


If you change your password manually, outside of e.Halo/e.Halo Gofers/Halo, then you may want to clear that password expiration message. That can be done in Preferences with the Clear AA Password Expiration button.


AA Password Tips





No warranty is implied for Halo, e.Halo, or e.Halo Gofers. The author is not responsible for information displayed in Halo, e.Halo or e.Halo Gofers

Copyright © 2018 SafiSoft All Rights Reserved


Apple, the Apple logo, iPod, and iTunes are trademarks of Apple Inc., registered in the U.S. and other countries.

iPhone, iPad and iPod touch are trademarks of Apple Inc.

Microsoft and Windows are trademarks of Microsoft Inc., registered in the U.S. and other countries.