Logging into IHG One Rewards, an account number and 4-digit PIN is enough. Several loyalty programs ask not just for your account number and password when you log in, but also your last name.
Someone asked on Twitter specifically why American Airlines has the requirement for three separate fields to log in – the account number, password, and last name. In other words, why isn’t account number and password enough? I happen to know the reason, and it’s mildly interesting.
Great question! We'll see if we can find an answer and will follow up once we have more info.
— americanair (@AmericanAir) May 3, 2022
When the US Airways Dividend Miles program was folded into American AAdvantage there were about 10 million people that were members of both programs – and 1 million identical account numbers between the two programs.
To make sure someone didn’t log into the wrong account in error with just account number and password they added a last name check. It’s unlikely that any of those 1 million account numbers that overlapped also had the same password, but it was possible, and so someone would accidentally use their old US Airways account number and log into an account belonging to another member of the AAdvantage program.
The history here is that before US Airways was taken over by America West, they used Sabre, and had 7 alphanumeric characters for their frequent flyer accounts just like American does. After the takeover America West’s SHARES put zeros in front of those. So legacy US Airways accounts over a decade old in some cases conflicted with American accounts. Anyone who had signed up for Dividend Miles after Team Tempe took over and converted to SHARES wouldn’t have had an issue.
As it happens I covered this when the change was implemented seven years ago!
Delta also asks for your last name if you log in with your username (but not your Skymiles account number).
Interesting story but the ‘team Tempe’ snark is so…come on…
Hyatt does this as well.
More account security and preventing errors is a good thing and is used by many companies outside of the travel industry- so clearly has nothing to do with the AA-US merger.
Qantas requires the last name too when logging in.
@Gary,
Can someone ask Delta why they’re the ONLY airline that plays “Twenty Questions” with their pax on international flights to the US and puts that lame sticker on their passports?
They claim “US law dictates it,” which is a falsehood.
Jeb Brooks makes some great YouTube videos. Worth a follow.
A better question is why the keep logging me out of the app when I have the stay logged in toggle on, and have no fingerprint login like every other travel app on the planet. That’s handy when you’re standing in line trying to pull up your boarding pass… American is the worst.
United can’t handle account and password being pasted in from a password manager on the web, at least with Firefox. One has to type one character and erase it from the password and remove and readd the last digit of the account.
“Someone asked on Twitter” It was Jeb Brooks, not some rando with 8 followers.
Terrible database design by the Sabre team, always make a userid unique to partner. Shoot, west back then I’m very surprised that the leadership at each Sabre partner didn’t require additional safeguards to protect their data, multiple partners mixing in the same db from other partners used to be very taboo…
@Gary can you also help figure out why Hilton is the only travel site I know of that makes you do captcha and click the squares with pictures of traffic lights or whatever, EVERY SINGLE TIME you log into their site? It’s so annoying.