top of page
Search
fibaseky

The Impossible Travel Agency Password: What You Need to Know Before You Travel



To handle such cases, we built a stream processing job that consumes, enriches, and aggregates several billion activities per day to detect suspicious actions. For each country the user was active in during the last couple of days, the visit details are stored as part of an aggregation of visit activities such as the user agents and ISPs that appeared during that visit. When a new event is triggered, we correlate the event with the stored visits to see if the activity potentially causes an impossible travel incident. This reduces the number of false positives and investigations.




The Impossible Travel Agency Password




Each impossible travel incident is based on two visits. Each visit represents an aggregation of user log activities during a session in a single country. The visit contains information such as user agent, IP address etc., that can be analyzed to determine if the visit was legitimate. Additionally, all the aggregated properties are saved - enabling us to compare them to the other visit. If they are similar enough, we avoid raising an unnecessary alert. An example of the aggregated properties could be the user agents that were utilized during the visit.


We add a visit to the visits store only when the location of the user is from a valid user location that represents a physical location. If we indicate, according to the tenant's IP ranges configuration or according to our geo-IP data that the IP doesn't represent a physical location, such as an IP used by a VPN service or a cloud provider, it will not participate in an impossible travel incident. Additionally, we avoid raising alerts on neighboring countries, while using smaller resolutions when it is required.


After an impossible travel incident is created, we classify each visit as suspicious or normal. If both visits are labeled as normal we suppress the incident to avoid triggering an alert on false positive scenarios. If a visit is labeled suspicious, an alert is raised.


News of the Heartbleed vulnerability has made a lot of people interested in better password management. Most of us know that our passwords should be random mixtures of letters, numbers and characters, and that we shouldn't re-use the same passwords on multiple sites. In other words, we're supposed to memorize a huge number of passwords designed to be impossible-to-remember. There's no way most people will do that.


So in recent weeks, a lot of computer-security experts have begun recommending password managers like Dashlane, 1Password, Lastpass, and Roboform. There are some major advantages to these services. They basically generate and remember your passwords for you. You use one master password to access them. The information is saved onto your devices and powerfully encrypted so it's almost impossible to hack.


Paper can also be taken. If you have a nosy boyfriend or teenage kids who might be inclined to snoop through your accounts, that's a cause for concern. If you travel internationally, a search at the border could reveal your passwords to a foreign government.


Passwords are omnipresent in our personal and business environments. An average person has around 100 passwords to remember for various accounts, and it is practically impossible to memorize unique, complex passwords for each of them. This leads to employees coming up with easy-to-remember passwords and reusing them for multiple accounts. Stolen, weak, or reused passwords are the top reasons for data breaches worldwide. It is up to the system administrators to ensure employees use strong and unique passwords for all their accounts.


National Institute of Standards and Technology is a non-regulatory agency of the United States Department of Commerce. It develops technology, standards, and best practices to ensure information security. NIST published its digital identity guidelines (NIST Special Publication 800-63B) in October 2017. Section 5.1.1 (Memorized Secrets) of the document talks about passwords and how they should be managed and stored. Although it is meant for federal agencies to meet regulatory compliance requirements, every organization can benefit from implementing these guidelines.


Both Suspicious inbox manipulation rules and impossible travel signals are provided by Microsoft Cloud App Security (MCAS), another great example of products sharing data with each other for the better.


Trisept Solutions is wholly owned by ALG Vacations Corp. ALG Vacations Corp. and its affiliated technology and marketing agencies, and travel agency distributors, gather, store, and process the information from the Trisept Solutions website. They help Trisept Solutions use customer information to create and distribute products, specials, promotions, and website features for our customers, ALG Vacations Corp., and their affiliated technology and marketing agencies, and travel agency distributors will not sell or share your personally identifiable information with any third party company or agency without your permission.


Information Trisept Solutions Collects The Trisept Solutions website collects customer information in a number of ways: when you sign up to receive emails, when your book online using the Trisept Solutions online booking form, when you fill out a Customer Service request, when you send a information request to a travel agent via their agency profile, when you send a comment to the suggestion link on our weekly email, and when you forward an email/webpage to a friend.


The information you supply when you send a request to a travel agent via an agency profile is a confidential communication between you and the travel agency. Trisept Solutions does not monitor these communication or collect data from them, except the total number of requests sent. Trisept Solutions makes no guarantees as to the way in which the travel agencies will use or protect the information you send them via their agency profile information request form.


Note: The email with your new password will come from no-reply@ustraveldocs.com. Some email applications have rules which filter unknown senders into a spam or junk mail folder. If you have not received your email notification, please look for the message in your junk and spam email folders.


Travelers who use E2 Solutions, but book their trips with a TMC other than CWTSatoTravel, can still use CWTSato To Go. Some TMCs are configured to have your trips automatically sync with the app. In other cases, simply forward your itinerary emails from your official email address to plans@cwtsatotogo.com. To verify TMC support for the app, contact your agency's travel management team or our technical help desk at support@cwtsatotogo.com. 2ff7e9595c


0 views0 comments

Recent Posts

See All

Comments


bottom of page