I was with a friend last month when he tried to change a reservation he had made using points from a Hilton account. He thought he had 2 million points. When he opened the account, he had none. Points in loyalty-based accounts, such as those for hotels and airlines, are the new target for hackers.

In and of themselves, the points have a low cash value but more considerable value for other things, especially travel and hospitality services. Airlines and hotel chains are among the leaders in partnering with banks to offer credit cards to build points – and you could make a full-time job out of trying to maximize your points. Personally, I’ve stuck with United Airlines and have been able to book tickets that would have cost thousands of dollars.

So, the question is: How are you protecting your points – and your merchant accounts, such as Amazon Prime? We suggest you take two immediate steps:

1. Set up two-factor authentication (2FA). Just about every loyalty program and merchant websites, such as Amazon, offers 2FA as an option or requires it. It’s easy to set up, and the authentication uses a device that should be in your possession, such as a phone, tablet, or computer. The extra step may be inconvenient, but it will help you save your points.
2. Monitor your accounts. Check-in periodically to make sure the points are in your account. It’s no different than checking your bank accounts, credit card accounts, etc. We can sometimes be reminded about the points in our loyalty programs by promotional emails, but if we’re not paying attention, we can click on a bogus site from a bogus link in a phishing email. We always like to get to a website by opening a browser window.

For the long term, we always recommend a password manager in combination with 2FA. The password manager allows you to use complex, unique passwords for each website that requires a password. You only need to remember your master password when you use the password manager. But if you use facial recognition, you can even skip using the master PW. It’s faster and safer.

Many password managers have both corporate and personal programs. The corporate programs can eliminate that nasty, sloppy habit of using sticky notes to paste passwords on monitors and allow you to have strong passwords for each website account used at work. The personal programs have multi-user modules.

One thing we like about password managers, such as Dashlane, is that they are at the forefront of eliminating passwords through biometrics and other methods. By having a password manager, you’ll be positioned to transition to newer, more secure ways to protect website access.

We can help you set up password protection programs for individuals, families, or businesses. Contact us by phone – 973-433-6676 – or email to discuss your options and arrange for installation and configuration.