Maximizing loyalty methods and bank card rewards have taken me to greater than 60 international locations in my lifetime, and I have attempted with reference to each tip available in the market — the use of switch bonuses, snagging playing cards with limited-time welcome gives, double- or triple-dipping, or even bed and mileage operating.
However one in every of my methods is nowhere close to as thrilling — even though it is arguably extra vital than all of the ones issues put in combination.
And it’s…drumroll…a password supervisor.
This is why you must be the use of this sort of equipment to offer protection to your hard earned rewards.
What’s a password supervisor, and why must you employ one?
In essence, password managers function a safe repository to avoid wasting your login credentials throughout quite a lot of web pages and cell apps. As well as, they may be able to lend a hand generate new passwords when you are putting in place a brand new account — or updating an present one. This is helping make sure you have a singular, hard-to-guess password for every of your accounts.
A few of you could have a “favourite” password that is simple for you to bear in mind, and as a result of that, you employ it throughout all your accounts (no judgment — I used to be there as soon as). Sadly, this makes you extremely prone to a hack. In any case, if that one password makes it to the darkish internet, a hacker may acquire get entry to not to only one however all of your accounts.
For instance, let’s assume you put the password in your favourite widespread flyer account to be P@ssw0rd. Whilst this will likely fulfill the password necessities of mentioned program (because it features a capital letter, a host and a different personality), it is a ways from safe. In truth, a 2025 find out about from VPN supplier NordPass discovered that this ranked fifteenth on an inventory of probably the most regularly used passwords around the globe. The commonest? 123456 — with over 21.6 million cases.
If hackers can in finding your account quantity, they may be able to check out quite a lot of password combos to realize get entry to.
Alternatively, a password supervisor could make this just about inconceivable.
Praise your inbox with the TPG Day by day publication
Sign up for over 700,000 readers for breaking information, in-depth guides and unique offers from TPG’s professionals
I individually use LastPass to safe my passwords, and whilst scripting this phase, I requested it to generate a brand new, distinctive password — 16 characters lengthy, with lowercase and uppercase letters, numbers and randomized symbols. Here is what it got here again with:
Hh6BAuXP#OvryiA#
The risk of a hacker guessing this or perhaps a brute-force computing effort uncovering it’s reasonably small. In truth, the use of the above parameters offers over 37 nonillion conceivable combos (that is 37 with thirty zeroes in a while).
After all, there is little or no likelihood that I may take into accout this password myself — which is the place the repository characteristic is available in. All of my distinctive, hard-to-guess passwords are stored seamlessly inside of my LastPass vault. After I wish to log in from a relied on tool, the password is populated routinely.
Why is that this so vital for loyalty methods?
A password supervisor can lend a hand safe all your accounts, however there are some key explanation why loyalty methods are so inclined. For starters, those methods do not be offering revealed or prison protections, a notable distinction to bank cards, the place the Truthful Credit score Billing Act caps your legal responsibility for unauthorized fees at $50. Many issuers pass even additional, providing $0 fraud legal responsibility for unauthorized purchases.
Comparable: How a 10-minute name reversed $2,300 in fraudulent fees on my bank card
That isn’t the case with maximum loyalty methods.
For example, here is an excerpt from the phrases and prerequisites for a big airline’s program:
“[Airline name] assumes no accountability for and isn’t chargeable for any unauthorized get entry to via 3rd events to a member’s account or account data, together with any unauthorized award transaction constituted of the account, apart from as supplied underneath appropriate regulations. [Airline name] assumes no legal responsibility or responsibility to re-credit any unauthorized mileage withdrawal made via 3rd events; then again, [Airline name] reserves the appropriate to check, in its sole discretion, requests for re-crediting unauthorized mileage withdrawals supplied such request is made to [Airline name] inside of 3 months of the unauthorized withdrawal.”
As well as, many of those methods do not require two-factor authentication — and even have it as an possibility.
To check this, I tried to log in to 6 common airline methods and 4 most sensible resort loyalty methods from a non-public window in a browser I would by no means used ahead of.
| Program | Two-factor authentication? |
|---|---|
|
Textual content message to verify |
|
|
Number of textual content or electronic mail to verify |
|
|
None |
|
|
E-mail to verify |
|
|
None |
|
|
Textual content message to verify |
|
|
None |
|
|
None |
|
|
Number of textual content or electronic mail to verify |
|
|
None |
On the time of writing, best part required an extra verification step.
I attempted the very same factor with my accounts throughout seven bank card issuers, and they all required two-factor authentication, both straight away upon logging in or when clicking into the redemption choices.
In any case, as soon as inside of your account, hackers can briefly burn your rewards on cash-equivalent redemption choices or last-minute trip bookings, within the hopes that you will not realize the hack till it is too overdue — which is precisely what took place to a couple of TPG staffers in recent times.
Most important spokesperson Clint Henderson had his AAdvantage account hacked in 2024, with just about 400,000 miles burned for last-minute condo vehicles. Later that 12 months, senior editor Gabrielle Bernardini had a hacker use over 17,000 issues from her Southwest Fast Rewards account for a resort for a last-minute resort keep. And only a few weeks in the past, managing editor Ben Mutzabaugh gained a preemptive notification {that a} hacker was once attempting to make use of his American miles for present playing cards — even though fortunately, this was once stuck ahead of his account was once tired.
Whilst each Clint and Gabby had their balances restored, every one required some important time to take action.
Base line
There are few issues extra irritating on this planet of issues and miles than a hacker the use of your rewards. Fortunately, there are steps you’ll take to safe your account — together with using distinctive, hard-to-guess passwords for each one in every of them. And a password supervisor can play a very powerful position in saving those credentials so that you shouldn’t have to bear in mind lengthy strings of apparently random characters.
After all, this is not a foolproof resolution, as hackers would possibly nonetheless have the opportunity to realize get entry to. Nonetheless, it is a very powerful step so as to add an extra layer of safety for your loyalty program accounts, particularly since our exams display that a number of common loyalty methods do not use two-factor authentication.
In case you are no longer recently the use of a password supervisor, I would strongly inspire you to take action — at this time. Another way, the ones issues and miles will not be there while you actually want them.
