It’s that time again!
This month, we’re talking about Greyhound’s terrible website security, how your next credit card could have a fingerprint scanner, why making calls on your cellphone (thankfully) isn’t coming to flights in the US anytime soon, and a couple of welcome updates to Google’s mapping products.
Greyhound, Your Site’s Password Security Sucks
Thinking about buying tickets through Greyhound’s website? A recent article on Ars Technica pointed out that password security on the company’s website is almost as bad as the toilets on its buses.
The site lets you book tickets for upcoming travel, manage reward points, and more. You need a user account to do it… and that’s where the problems start. The password can be as short as four characters, with no restriction on what you type in. 1234, abcd, and dave are all valid options. Not exactly hard to guess.
It gets worse. Let’s say you’ve somehow forgotten you used the least-secure password in the world when you created your account. Rather than sending you a link to reset your password, like companies with the slightly clue about security do, Greyhound emails you the actual password in plain text.
That’s bad for several reasons, including that it means the site is storing your password insecurely. If (or more likely, when) the site security gets breached, all those passwords will be available to the hackers, associated with the email address that created them. Have you ever re-used the same email and password on multiple websites? Congratulations, your data is now at risk on all of them.
Ok, you think, I’m worried about this, so I’ll go change my password to something secure. Good luck. Astonishingly, the Greyhound site doesn’t let you change your password.
That’s so bad, I had to check for myself. As I type this, it’s still true. In a nice irony, they even say ‘Top tip: Keep your account safe by changing your password from time to time’ at the bottom of the email with your password in… and then provide no way to do so.
Since you also can’t delete your account, literally the only way to improve your security is to log in and change your email address to gibberish, then never use the site again.
This abysmal approach to password security wouldn’t have been acceptable from a tiny startup a decade ago. A large company doing it in 2017 is downright inexcusable.
Mastercard Is Testing a Credit Card With Built-In Fingerprint Scanner
If you thought chip and PIN was the latest and greatest in credit card security, think again. Mastercard is currently testing a version of its card with an inbuilt fingerprint scanner, used instead of a PIN code to authenticate in-person transactions.
The new card is being trialed in South Africa, and if all goes well, could be available globally before the end of the year. Crucially, retailers don’t need new equipment — it functions just like a chip and pin card, except authentication is handled by putting one of two registered fingers on the square scanner.
Card issuers will need to choose whether to adopt the new version, though, and customers will be required to visit an ‘enrollment center’ (most likely a bank) to register their fingerprints before activation.
Still, anything that helps prevent credit card fraud is likely to be popular with the companies that issue them, so it may not take too long before we start seeing these fancy new cards becoming available to the general public.
Inflight Calls Won’t Be Coming to the USA Any Time Soon
The Federal Communications Commission (FCC) has been making noises about removing the ban on inflight calling in US airspace since 2013, but the new head of the commission has firmly squashed the idea.
That ban came in to force in 1991 for safety reasons, but a proposal four years ago suggested lifting the prohibition due to technology advances. That plan never went anywhere, and now it’s been officially dropped.
Texting and Wi-fi use are still allowed, so there’s no shortage of ways to keep annoying fellow passengers with a smartphone, but at least they won’t have to listen to half a mind-numbing conversation while trapped beside a stranger at 30,000 feet.
Unless that stranger is using Skype, of course. Fortunately, most inflight Wi-fi is still so crappy, voice-over-IP calls are more hassle than they’re worth. If it means a bit of peace and quiet in the air, long may that mediocre state of technology continue.
Google’s New Mapping Updates Promise to Suck Even More of Your Time
Google is always tinkering with its products, but two recent changes stood out as great time-wasters for travelers.
The first was a significant update to Google Earth. Already the ideal way to lose an hour or two checking out random locations on the planet, this latest version makes it even easier to disappear down the rabbit hole. You no longer need to download a separate desktop app — just visit the site in Chrome.
More interesting, though, is the new Voyager feature, which you get to by clicking the little ship’s wheel icon. Partnering with companies like BBC Earth, Google Earth now includes mini ‘experiences’, which add video, image and text information in a guided format. As if to prove my point, I just spent 10 minutes checking out the ‘Natural World’ voyage while writing this article, but there are dozens more.
Itineraries for major cities have also been added, highlighting the top tourist spots in a similar way. New York, London, Tokyo, London, and many others are already up, and Google plans to keep adding new places regularly.
For iOS users, the company also added the Timeline feature that’s been on desktop and Android versions of Google Maps for a while. We talked about it here — for travelers, it’s a useful way to get a diary-style view of where you went each day, including any photos you took on your phone along the way. If you’re worried about privacy concerns, though, it’s something you can easily turn off