When a company makes a change, it will usually somehow find a way to say it’s positive for customers. But to be honest, that’s not why these changes are made. It’s either because the new system will bring in more revenue for the company or because it will save them money.
For example, an airline might say they’re eliminating in-flight entertainment systems. However, instead of saying how much cheaper those new seats will cost them, and how much less fuel they’ll use with the lighter seats, they’ll insist it’s because people prefer to watch their own devices, and the decreased weight will be better for the environment and increase passenger legroom.
Not all changes are that obviously about saving money. Take one recent change from American Airlines, which I’m really hesitant about. Starting March 20th, instead of having a separate login for the AAdvantage eShopping site, you’ll use the same password as you do for your AAdvantage account.
Beginning March 20, you’ll need just your American Airlines AAdvantage®credentials to access AAdvantage® eShoppingSM. Less log-in time means more time for shopping and earning AAdvantage® miles. Plus, single sign-on to both programs ensures a smooth, safe journey for you.
I don’t know how you feel about this, but I don’t like it.
I’ve read too many stories about people having their accounts hacked, and I always use different passwords for my airline loyalty accounts and shopping or dining portals. Now I won’t have a choice and will need to use my AAdvantage login to access the shopping site, which, by the way, isn’t run by American Airlines. Instead, it’s operated by Cartera Commerce.
The AAdvantage® eShopping℠ program (the “Program”) and website are owned by American Airlines, Inc. (“American”), and managed and operated for American by Cartera Commerce, Inc. (“Cartera Commerce”).
I’m not implying that Cartera will treat my login information differently from how American Airlines treats it. But I would rather have a different password for access to different systems than have to use the same login for different websites.
Before, hackers had no reason to try to access the AAdvantage shopping mall database unless they planned on buying something and letting me earn miles for it. Instead, if the shopping portal site is hacked, hackers will have access to everyone’s AAdvantage accounts.
I know that many people are now using the AAdvantage eShopping program to earn miles, which can earn them loyalty status with American Airlines. I’d keep a close eye on your accounts, just in case.
Want to comment on this post? Great! Read this first to help ensure it gets approved.
Want to sponsor a post, write something for Your Mileage May Vary, or put ads on our site? Click here for more info.
Like this post? Please share it! We have plenty more just like it and would love it if you decided to hang around and sign up to get emailed notifications of when we post.
Whether you’ve read our articles before or this is the first time you’re stopping by, we’re really glad you’re here and hope you come back to visit again!
This post first appeared on Your Mileage May Vary
5 comments
I think you’re misunderstanding how SSOs work, aadvantage eshopping will redirect you to aa.com to sign-in and after you do so, you’ll get redirected back with an authentication token. AAdvanhtage Eshopping isn’t going to get your actual password
Thanks for the explanation. You are correct that I do not understand the way that the system works behind the scenes (I had to Google SSO, if that explains my knowledge level) or how this is more or less secure than the system that’s already in place.
I don’t think you understand how a federated single sign-on login process work. If you’re using the AAdvantage credentials with AAdvantage as the identity provider, then service provider (Cartera) doesn’t actually get your login credentials. What probably happens is your login credentials go to the identity provider and then the identity provider passes back an assertion or token to the service provider to log you in.
Someone else beat me to it, but yeah, nothing to worry about here. In fact, this is how Alaska has been doing things for quite some time now.
As an Apple user, I wish Sign In with Apple, another type of SSO service, were more widely available.
This is a huge PITA.
I help multiple family members by using aa shopping. Now I need their aa passwords which is ok. However upon logging in to aa shopping, aa emails a verification code. So now I need to ask for an email code every time this happens.
Ironically the shopping site has a banner at the top saying they’ve made things simpler.