Thrills & Chills in Frequent Flyerland

In 2018 I had a chance to compare top tier status on both United and Alaska.  Most of you are probably running away screaming at spending that much time on airplanes, but I love it, it is a perk to me not a drawback. Here are my thoughts on United MileagePlus Premier 1K vs Alaska MVP Gold 75k, for all you crazy folks who are air[plane][port][line] geeks like me.  Yes, this is anecdotal, but at 190k miles last year, spent both on business and personal travel (remember, I’m a Canadian married to an Australian, living in the US), I have *lots* of anecdotes.  (note: all photos mine, I tweet a lot of them under the hashtag #ViewFromTheWindowSeat on Twitter. The map is from AppintheAir)

Best Perk: Adjacent Flight Hopping

Adjacent flight hopping is the allowance that the airline makes for a passenger to move to a confirmed seat on a different flight without paying either a change fee or paying for an uplift in fare.  For both United and Alaska, flights can be hopped starting at check-in time right from the mobile application.  There are so many times when it is valuable for either personal or business reasons to change to a different flight. Having the option to pick an alternative flight gives you freedom – it lets you compensate for mistakes, stop in to see old friends, or add that one critical meeting to your visit.  Alaska lets you hop flights on the same calendar day as your flight, which gives you a limited number of choices - generally, you can vary your flight by up to 8 hours or so, but only if there is an earlier or later flight to be had.   United, on the other hand, offers hops in a moving 24 hour window, which gives you the opportunity to confirm a seat on a flight the day before or after.  You can even walk your flight forward 2 days if you are willing to monkey-bar it, i.e. grabbing later and later flights as the 24 hour window opens those options up.  It doesn’t always work and you can get burned if you make assumptions about what will be available to you (especially watch out for codeshares, they are not eligible).   But I have had excellent luck with this feature, it has made my life so much better so many times.   It would be very difficult to give up.

Best Food Service

The obvious answer is that any business class food service is great when you’ve been upgraded. Anything less is just being churlish :)  I appreciate the Alaska non-stick trays and the United practice of serving appetizer and entrée together rather than separately (because it means the amount of time I have to close my laptop is less).  I like Alaska’s wine selection.  In the regular cabin, I love the United policy of granting a free beverage & snack to premier 1K folks, it is a really thoughtful acknowledgement.

Best App

United has the best mobile app, hands down. From a status perspective, I especially appreciate that United has the 1K dedicated phone line listed in the app so I can easily call it, while the Alaska app doesn’t even tell me I get a phone line, let alone what the # is.   Seat selection is also much easier on United, Alaska does really wacky things like tie your upgrade ability to your seat changes, where picking a seat sometimes results in a threat to remove you from all upgrade lists.

Best Upgrades

It is *really* hard to earn MVP Gold 75k status on Alaska, when those 75k miles have to be domestic and are judged on actual distance, not spend. You can’t buy your way into it (first class flights earn a multiplier but not a huge multiplier), you just have to fly. We’re talking 15 cross-country flights in 12 months. But once you earn it, you get upgraded a *lot*.  Compare this to United, where there are a gzillion 1K flyers.  If you’re on a cross-country flight you can *try* to use a RPU or GPU but generally those are more like a cruel joke than a perk, the chances of it actually putting you high enough on the list to get an upgrade are low.

Best Next Tier Down

As much as the top tier is amazing on Alaska, the next tier down is a disaster.  Being a tier down on United essentially lowers your chances to get an upgrade from improbable to impossible, but – you can still book a confirmed seat in Economy plus.  The Alaska Gold MVP doesn’t let you book in their premium section, it is part of the upgrade pool.  So, your only confirmed option at booking time is economy.  That is a non-starter for me.

Best Lounge

United wins this hands-down. United has more lounges with more space to sit, in more airports.  The décor is brighter and there are more windows.  As someone with multiple home bases and varied airport destinations, flying Alaska is a problem in this regard – and yes, I have a priority pass and can use it for other lounges – but often those passes (and even Alaska’s partner lounges) have “hours”, so if you fly first thing you are often out of luck. Lounge access is a paid-for perk, but I did like that on Alaska, you got a discount for being MVP Gold 75k.

Best Status Match

I can only really talk about Alaska’s status matching, since I earned my 1K premier membership the old-fashioned way.  I’m not sure Alaska’s status match program does what it is supposed to do, which is to lower the friction for high value frequent flyers to change to Alaska.  I status matched over at the end of April, and had 75k status for 8 months – 2/3 of the year.   In that 8 months, I flew 50k miles (2/3 of 75,000 miles).  I got a lot of value from the match – and I flew at velocity commensurate with the privileges that were granted to me.  I fully expected to keep up that velocity, but it turns out that Alaska doesn’t take velocity into account.  Despite flying as frequently as any 75k member for 8 months straight, I am only a gold MVP today.  Had I status matched in the October time-frame, I would have gained status for 2018 and 2019, but I made the mistake of coming in at a time when achieving the goal was nigh impossible.  While I respect that Alaska gets to set their rules any way they see fit, this is a terrible business decision.  Had top tier status been conferred at the end of 2018,  I would have worked hard to continue to earn that status.  But being MVP gold, there is zero incentive for me to put that kind of work in.  Not when it means that I can only confirm an economy seat in advance.  A guaranteed Economy Plus seat on the aisle with a free beer and a free sandwich on United trumps an economy seat with some chance of last-minute premium economy upgrade on Alaska always and forever.  In case you are wondering, I did call Alaska to make the case that it was a win-win for me to stay at MVP Gold 75k and continue to fly at my current high velocity. The proposition was politely declined, because apparently my status match was the only accommodation Alaska was willing to grant me in the next two years.  I can’t really argue with that, it is their program.  So, I guess it ends a draw.
It was very nice of them to let me try MVP Gold 75k.  I definitely did not abuse the opportunity, I flew more than 6,000 miles a month.  It was a great relationship while it lasted, and I will probably fly a little bit with them still, when the price or time suits my calendar. 

My Advice

Alaska’s top status is great – they win at business upgrades, but aren’t quite as strong in the areas of the app, the lounges, or the flight hopping options.  They are a great airline with great staff, and other than that one time they upgraded me, then gave away both my new seat and my old seat, I was consistently happy with how things worked.  If you decide to status match in to the program in anything other than January or Oct-Dec, just know you are highly unlikely to be forming a permanent top-status relationship, no matter how much of a high value customer you turn out to be.  In comparison, United gives you a lot of freedom and flexibility to hop flights, lots of lounges, free meals no matter where you sit, the ability to earn miles on international flights. If you travel enough that you can devote domestic travel to Alaska and still make 1K with United using international, it is a pretty great combination. 



Windows Media Creation Tool 8gb Error

Well, in a twist of fate that I am still bemused by, I am in Microsoft-land now and this fact has led me inevitably to my first Windows install since about 2008.  It went pretty well, except that I didn’t have the recovery key for the previous installation, so had to do a scratch install.  You’d think it would be easy, since they give you a tool that does all the hard work! All you need is a USB drive of at least 8gb to become the installation media.

But then you put in your larger-than-8gb USB drive and the program says “Your USB must be at least 8gb!!”.   You reformat, you think “Maybe I need FAT32”, etc.  No luck.  All roads lead to the mysterious 8gb error, even when your USB drive is empty and large.

So you look online, and the forums say “you ALSO need 8gb of space on your regular hard drive”, so you go look and you have hundreds of gigs of space on your C: drive.

But here’s the thing.  You may have hundreds of gigs of space on your hard drive, but you may not have permission to write to the one little spot that the Windows media creation tool needs.  So, if you are getting the 8gb required error using the Windows media creation tool, it could be because the machine you are using to create your image is hardened in such a way that you can’t write to the C: drive no matter how much space you have.

The workaround?  Easiest is to find two USB drives that are at least 8gb.   Mount them both, copy the Windows installation media file to one and run the windows media executable from that drive.  Specify the other drive inside the tool, and presto change-o, you’ll get a bootable Windows installation drive out of it.


Day of Amazement – Technovation Calgary, 2018

Last weekend, I spent a day with an amazing set of young women.

I was invited to be the judge of the chapter of the Technovation Challenge in my hometown of Calgary, Canada.  Twelve teams of teenage girls worked to conceive, pitch and build a mobile application that addressed a problem in their community.  Team after team of young women hit the stage to share their vision and accomplishments, and to later give demos to the judges and the crowd.  What a *great* idea this whole enterprise is! While I only had to commit a weekend, there were a ton of people who put hundreds if not thousands of hours into this opportunity.  For any of you who feel like it is impossible to impact the ‘pipeline problem’, take a look at getting involved! As I understand it, Technovation is global and there might be an opportunity to work with girls in your own area. I wish I could explain the sense of agency I got from these girls, they were out there getting it done.  Also, I almost fell off my chair when one of the girls answered a live question about privacy of user data by noting that they could use a product like Auth0 to help!  My jaw hit the floor.

I am so excited to have seen this program in action, to see the tools that were chosen and the approaches that were taken.  I can’t think of a better way to teach entrepreneurship, technical fearlessness, presentation skills and teamwork.  I am in personal awe of Mea Wang, who works as an associate professor in the computer science department.  To pull this off is a spectacular accomplishment, thank you for paying it forward – you are making a huge difference.

The best lesson for me was a simple one. You might have thought these girls would be wowed by me! A real woman in tech! We get trained by twitter and the media to think we are rare and to be remarked upon.  But no – in reality I was just a random old person.  The people who are making impacts in the lives of these girls are not some fancy person with an “accomplishment”.  It is the men and women they see every day, acting in local roles of knowledge and authority, encouraging and building and expanding these girls’ dreams.  Kudos to all of you who act in that capacity.


Well here I am!

I am officially a Microsoft employee, holy smokes.  I’m pretty blown away by this initial experience… I’m sure you’ll all view what I say next according to whatever confirmation bias you bring into this — but the initial Microsoft experience is pretty spectacular, and I say this as someone who isn’t pre-conditioned to see everything with rose-colored glasses.  These people take *care* of their people.  I love that.  I also love the charitable giving program.  I don’t know if I’m allowed to describe it, but I can’t wait to max it out.  I love the corporate commitment to sustainability.  If you’re going to be in a bubble, it should be a self-aware bubble, right? This is an incredibly self-aware bubble, and I wouldn’t want it any other way.

My two axes of initial judgement are pretty simple — how do you treat your people and how do you ONBOARD them.  This was a pretty slick onboarding.  Within a day I had initialized at least 3 factors of authentication, maybe 4 depending on how you count such things. I could access resources that mattered, and it was a pretty seamless experience.

Stay tuned – in future updates we will get to see me tackle new standards, and my failures will hopefully be your learnings. Or at least your entertainings :)  My scope will expand and I can’t wait to share that. It is a lot less scary when you are backed by the incredible team that Alex Simons has built here.  Life is full of possibilities!


The Game’s Afoot!

After eight and a half years at Ping Identity, I am amazed to say that I’m moving on. I have had the privilege of working with incredibly talented people, from the CTO team to the product management team, to the entire field sales and technical corps.  I am so proud of what Ping has made in the last eight years and of the things that we have chosen to hold dear: quality software, long-term deep relationships with customers, and leadership in identity standards through practicing what we preach.  Also, serious costume parties 🤪

Some of my favorite PingIdentians

My other incredible windfall has been to meet brilliant and talented customer architects. They have taught me so much about the bigger picture, the reality that all the vision has to fit into, before it can resonate.

Last, I want to say something about the two people who were my direct superiors at Ping, Patrick Harding and Andre Durand.

Andre and Patrick (and costume parties)

Patrick and Andre took a chance on a relatively unknown Canadian identity geek, brought her onto the team and gave her support, autonomy, and opportunity.  I would not be the person I am without the mentorship and friendship of these two amazing people.  Thank you for believing in me.

Sometimes life surprises you – and I was recently surprised by an opportunity to really challenge myself in terms of growth and impact. So – onwards!  I am excited to say I am joining the Microsoft Identity team, working for Alex Simons as Director of Identity Standards. I can’t believe that I somehow get to work in the rarified air of this team, with some of the people I admire the most in Identity.  It took about 30 seconds of discussion with Alex to realize that this opportunity represented a chance to work with incredibly smart people, participate in complex problems that have to be solved at massive scale, and most importantly, to be able to advocate for standardized solutions to those problems, allowing for the whole industry to adopt secure patterns even if they don’t have the reach or resources of a company like Microsoft.

Anyone who knows me knows that getting to talk identity standards like OAuth & OpenID Connect all day every day is my idea of heaven; I can’t wait to see how the bits fit together for customers at the consumer and multi-tenant enterprise scale of MSFT.  What will the future hold for identity standards? I have a few strong opinions in this area, but there is a whole new world of perspective awaiting. I hope I can play some part in defining that future, wherever we all end up.

Stay tuned, I hope to do a lot more writing here, now that I can really focus on driving industry conversation, and I can’t wait to work with everybody in my new role!

Wish me luck!

I will miss you all, stay in touch!


Saturday Night in London

It’s about 9:30pm on Saturday.  I’m in a bar, on Hackney road in London, that I simply stumbled upon while wandering around.  It is an incredible place.  It is called “The Natural Philosopher” and I heartily approve.  It is an odd and slightly twisted cross between an old fashioned Victorian study, and a curio shop.  I would take a picture – but this isn’t the kind of place you take a picture in.  It’s meant not for Facebook check-boxing, but for people to sit and be in the moment.  And here I am, in the corner, working away at the laptop.  Better than trying to snap pictures though.

I haven’t written here for a long time.  But I dream about it.  I live a kind of guilt-driven life in some ways – how can I write here, when there are so many other greater priorities, outstanding commitments, all the things people are waiting for me to deliver?

But, sometimes the time is right.  My world is a lovely place, I have an amazingly balanced life, whereby I have good measures of intellectual stimulation, external validation, loving support, and independent exploration.  There are frustrations too, but there always are.

I think I will write here again soon.  There is so much to talk about, amazing changes and improvements in the identity world, pushed by sometimes surprising forces.  And I’ve started playing with the Arduino, so there is wonder there that I would enjoy sharing.

In the meantime, I shall enjoy this strange, unexpected, odd bar in a place I have always wanted to explore.  Even if I am the strange one in the corner with a laptop, the screen probably gives me an even more surreal look than the decor…






When your Empire has no Clothes

How many data points does it take to call something a trend?  With the hack and subsequent data dump of the internal files of Hacking Team, a company most of us never even knew existed until this week, the world is getting to see a very public examination of the naked inner workings of an organization. This is the second time I can think of this kind of hack occurring.  The first was, of course, Sony Pictures.

Some number of hackers have turned two different organizations inside out from a digital perspective, exposing even the mundane stuff for public ridicule.  And some of the most harshly ridiculed practices of all in both cases involved passwords and credentials.

In the case of Sony Pictures, the effect was acutely embarrassing.  Scores of Excel spreadsheets, detailing personal, business, and IT system passwords, with filenames like “website passwords” and “usernames & passwords”.   When Gawker writes an article detailing what morons you are,  you know it’s bad:


In the case of Hacking Team, enough data was dumped not only for the obvious stupidity to come to light, but also for hashed passwords to be brute forced and gleefully revealed in horrific detail on Twitter.  The examples below are (a) a dump of the admin’s Firefox password manager, and (b) an Excel spreadsheet containing VPS credentials.







So, let’s assume that this ‘dump and roast’ trend is really a trend, and will continue.  Perhaps it puts a little more personal skin in the game.  We all get lazy. We all take shortcuts.  But perhaps now there is a risk that all those shortcuts get dissected at a later date, with a very sharp scalpel.

Trying to look competent during examination by your Future Hacker Overlords.  It’s an odd thing to imagine as a security influence.  But right now, it feels like it might become a thing….

Reflections of an Identity Geek on the JLAW Fail

I’m sitting here, in the dark, when I should be sleeping. Thinking about how 100 different iCloud accounts were manipulated to give up their secrets.  We should all be taking a hard look at what constitutes account recovery in this day and age of the internet. Disclaimer – I haven’t had a coffee yet this morning.  If I sound like a raving lunatic, this may be why.

As the dust settles, it appears that the attackers walked in the front door.  Well, the side door actually.  Data is sketchy, but it looks like account recovery processes at Apple were manipulated to give access to attackers.  Why can this even happen?

1.  We design only for the Lowest Common Denominator

When an account recovery loop is assembled by a service, it is the same loop regardless of who you are. Or how savvy you are.  Or how likely you are to be targeted for a given threat.  Why is this?   Why not keep the base recovery experience as the one you get if you can barely spell computer and these password things are scary?  But why not let people with stronger needs self-identify?  Allow people to ask to jump through more hoops, to supply more, and better, information in order to receive more, and better protection from targeted attacks?

I know exactly why this kind of “better security” doesn’t happen.  Because for every JLaw attack, where the security could have helped, there are 10,000 regular people who would turn on a feature like this and then get locked out of their account.  There, I said it. The lowest common denominator is that the public expects that even if they do everything wrong, even if they cannot in any reasonable or provable way identify themselves as the actual owner of the account, they should still get their data back.   And the cost of dealing with those 10,000 upset locked-out people, both in PR and support terms, is very real.  More real and more common than the cost associated with the relatively few that get hacked.

2. We have purposely created a Stateless Machine

When you choose to try to recover an account today, you generally do so in a vacuum.   You are asked to identify yourself, and the information you give is often considered in isolation.  Do these two strings representing your dog’s name and your first school match the hashed strings stored in our database?  Yes?  Great!  Keys to the kingdom!   Doesn’t matter that somebody has been trying and failing to do the same thing three times a day for the last week.  No sense of suspicion is placed on this success as a possible culmination to all those failures.  This is part of why an attacker can keep calling help desks over and over until they succeed, and why they can keep using online forms over and over until they succeed.  Also — see #1, whereby it isn’t that unusual for people to really fail at knowing their recovery information and to still expect success.

The whole reason these systems were built to be stateless is because they were built to scale.  But those requirements need to be examined.   It should also be a requirement to at least try to recognize when an attacker could be systematically probing recovery systems, ranging from digital forms to help desks, maybe even in-person resources, or direct emails to IT staff.

3. We keep the User in the dark

If somebody is systematically probing at a given user’s account, don’t you think it would be valuable to tell them, so that they can try to form their own understanding of their safety?  If you’ve locked yourself out of your account, I’m sure you won’t mind the notifications.  And if you haven’t locked yourself out of your account, those notifications may be very important. For example, receiving a notification from every one of your email accounts and your bank in a 24 hour period is something that may not be so significant to each system, but should ring serious bells for the individual.  There are programs like Shared Signals that are evolving to help with cascading identity attacks, but for now, the only person who might see the pattern is the user.   And they are not involved in the process.

4. Users don’t care until it’s too late

It’s true.  There are lots of optional things people could do to be safe that they never bother with.   But perhaps, if there was a way to make users aware of recovery question guessing attempts against their account, users might get scared a little sooner, and carefully contemplate their options.

The WORST THING about this breach

I understand the prosaic duh moment going on where people note that the best way to not have naked pictures stolen is to not have naked pictures taken.  But this should in no way mask the failure that has taken place from an implementation standpoint.  We need to safely store and share sensitive things. As a society. We need to trust that accounts we create and populate with our most treasured data are not just swiss cheese for anyone willing to stalk a specific target.  The old canard of “Doctor it hurts when I do this”/ “then don’t do that” doesn’t help if the underlying problem is disease rather than a boo boo.  This issue is not a boo boo, and turning the iPhone camera off will not prevent the spread of the disease, it just prevents one symptom from showing.


If the identity fairy came to visit and granted me three wishes, here is what I would wish for.  These aren’t qualified recommendations in any sense — just a place to start.

  1. Provide options for users to customize their own recovery ritual.
    1. Include things like
      1. Turning on notifications for events like calls to the help desk or for use of the password reset form
      2. Adding additional or alternate recovery steps
        1. Additional identity proofing steps before help desk support will engage  – like requiring a 2FA authentication before the call continues
        2. Requiring that KBA answers be retired (or at least flagged for review) after a certain number of incorrect guesses
        3. Turning on additional 2-factor authentication for services that may not normally be protected (see above for an example)
  2. Architect for recognition of accounts that self-identify (or are verified) as likely targets
    1. Help Desks should be able to recognize high-fraud-risk accounts
    2. Audit and accountability should be elevated
    3. Work towards a point where the system figures out who the high-risk accounts are in real time
  3. Track the use of recovery mechanisms, and make the history available to the user.
    1. How many times has a recovery question been used
    2. How many times has the form been submitted with the user’s user name
    3. How many times and when has the help desk been notified
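
The stateful recovery that sections 2 and 3 and the wish list above call for, sketched as an added example (not code from the original post): one ledger per account is shared by every channel, so a correct answer that arrives after a run of failures triggers a step-up instead of handing over the account, answers are retired after repeated wrong guesses, and the owner gets notifications and a readable history. The thresholds, channel names and class names are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed policy values for illustration; the post does not specify numbers.
KBA_MAX_WRONG = 3               # wrong guesses before a KBA answer is retired
LOOKBACK = timedelta(days=7)    # how long earlier failures cast suspicion
SUSPICIOUS_FAILURES = 5         # denied attempts in LOOKBACK that taint a success


@dataclass
class Attempt:
    when: datetime
    channel: str      # e.g. "web_form" or "help_desk"
    question: str     # which KBA question was answered
    decision: str     # "denied", "step_up" or "granted"


@dataclass
class RecoveryLedger:
    """Recovery state per account, shared by every recovery channel."""
    attempts: dict = field(default_factory=lambda: defaultdict(list))
    wrong: Counter = field(default_factory=Counter)
    retired: set = field(default_factory=set)
    outbox: list = field(default_factory=list)  # notifications to the owner

    def record(self, account, channel, question, answer_ok, when):
        """Judge one attempt in the context of the account's history."""
        key = (account, question)
        recent_denied = sum(
            1 for a in self.attempts[account]
            if a.decision == "denied" and when - a.when <= LOOKBACK
        )
        if key in self.retired:
            decision = "denied"          # a retired answer never unlocks anything
        elif not answer_ok:
            decision = "denied"
            self.wrong[key] += 1
            if self.wrong[key] >= KBA_MAX_WRONG:
                self.retired.add(key)    # flag the answer as burned
        elif recent_denied >= SUSPICIOUS_FAILURES:
            decision = "step_up"         # right answer, but demand a second factor
        else:
            decision = "granted"
        self.attempts[account].append(Attempt(when, channel, question, decision))
        self.outbox.append((account, f"{when:%Y-%m-%d %H:%M} {channel}: {decision}"))
        return decision

    def history(self, account):
        """Summary of recovery activity that the account owner can read."""
        log = self.attempts[account]
        return {
            "by_channel": dict(Counter(a.channel for a in log)),
            "by_question": dict(Counter(a.question for a in log)),
            "help_desk_times": [a.when for a in log if a.channel == "help_desk"],
            "retired_questions": sorted(q for (acct, q) in self.retired if acct == account),
        }


def demo():
    """Constructed scenario: a week of failed attempts, then correct answers."""
    ledger = RecoveryLedger()
    t0 = datetime(2014, 9, 1, 9, 0)
    events = [  # (day offset, channel, question, answer_ok), all constructed
        (0, "web_form", "pet", False),
        (1, "help_desk", "pet", False),
        (2, "web_form", "pet", False),      # third miss retires "pet"
        (3, "web_form", "school", False),
        (4, "help_desk", "school", False),
        (5, "web_form", "school", True),    # correct, after five denials
        (5, "web_form", "pet", True),       # correct, but the answer is retired
    ]
    targeted = [ledger.record("target", ch, q, ok, t0 + timedelta(days=d))
                for d, ch, q, ok in events]
    # An ordinary user who mistypes once and then gets it right.
    ordinary = [ledger.record("ordinary", "web_form", "pet", ok, t0 + timedelta(hours=h))
                for h, ok in [(0, False), (1, True)]]
    return ledger, targeted, ordinary


if __name__ == "__main__":
    ledger, targeted, ordinary = demo()
    print(targeted, ordinary, ledger.history("target"), sep="\n")
```

The ordinary user who fumbles once still gets in, which is the lowest-common-denominator constraint from section 1; only the account with a sustained failure history is pushed to the extra step.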

The sun is long-up now. Time for reflection to end, and reality to intrude again…

The next conversation to be had

Ok, now that CIS and Catalyst conferences are (almost) out of the way, we need to rally the identity geeks and start talking about OAuth and OpenID Connect design patterns.   We need to get some public discourse going about token architectures for various real world business access scenarios.

The value proposition needs to be made more concrete.  So let’s try to push on that rope in the next few months.



I’ve finally had time to spruce up the site a bit! Feels good to move things around.  You know me, I like playing with the federated identity options — so have taken out the Google Identity Toolkit.  I have a half-formed plan to install the Facebook plugin and then perform experiments on their new anonymous login and granular consent features….  of course that will eventually come out too.    Commenting and registration methods have never been stable, at least not since the infocard integration was taken out. Good thing you’re all hardy :)  so if you want to comment and say hi, you’ll probably have to recover your password.

copyright Pamela Dingle 2014