# Locked out of AGR account again



## MARC Rider (Oct 25, 2016)

What's going on? I had this problem last month, and I called AGR, they were very apologetic, but the agent on the phone said she couldn't fix the problem, she'd have to write a ticket for the software crew to handle the next day (I was calling in the evening.) I eventually got in, but I did change my password, and when I went to check my balance this evening, I was notified that I was locked out again. I appreciate the concern for my online security, but if I can't log into my account, what good is it to me?

And they are telling us there will be no problems when we have fully networked self-driving cars! If that tech works as well as most of the tech I use, I expect to be locked out of my car most of the time and will have to call the help desk, and (maybe) have the car working the next day.


----------



## jis (Oct 26, 2016)

Some of us have looked at some of the REST interfaces that the likes of Tesla provide for access over the internet. They are at best poorly designed by amateurs and are not that difficult to hijack, unfortunately. Hopefully things will improve over time. But security in IoT networking is pretty poor at present. The recent DDoS attack is proof positive about how poor things are.


----------



## KmH (Oct 27, 2016)

I can log in, but then I can't get to the page to buy some points.

"Error: Something went wrong"

Why do I have to log in again to buy points?

So last night I tried to reset my password, and that also didn't work.

I've sent AGR an email regarding my issues.


----------



## KmH (Oct 28, 2016)

I was able to reset my password, but still no access to the Buy Points page.

Got an email back from AGR. They wanted to know what OS and browser I use - Windows 10 Ver: 1607, and Chrome.


----------



## Devil's Advocate (Oct 28, 2016)

jis said:


> Some of us have looked at some of the REST interfaces that the likes of Tesla provide for access over the internet. They are at best poorly designed by amateurs and are not that difficult to hijack, unfortunately. Hopefully things will improve over time. But security in IoT networking is pretty poor at present. The recent DDoS attack is proof positive about how poor things are.


IoT security has been a sad joke from day one. Nobody wanted to admit it but anybody with even a minor understanding of network security knew the IoT revolution was destined to become an unmitigated disaster. Millions of idle plug and play network devices with brief production runs and extremely limited support windows that were expected to remain online for years at a time?

The real solution isn't technical so much as legal. The penalty for designing/manufacturing/distributing/selling poorly protected/supported IoT devices has to be painful enough that it vastly outweighs the desire to simply ignore it. The nature of IoT devices requires that they have especially robust security protection and recovery measures. Unfortunately the reality of the situation is that they have some of the weakest and most easily defeated protections the internet has ever seen.


----------



## neroden (Oct 31, 2016)

I will say that Tesla is using significantly better security protocols than the vast majority of internet-of-things implementations. Still not as secure or robust as I want, but not "casual hacker can crack everything at once trivially" level, like most of 'em.


----------



## Bob Dylan (Oct 31, 2016)

I was unable to access my joint Amtrak/AGR Account yesterday, so sent in a Reset Password Request and it works fine now!


----------



## jis (Nov 1, 2016)

neroden said:


> I will say that Tesla is using significantly better security protocols than the vast majority of internet-of-things implementations. Still not as secure or robust as I want, but not "casual hacker can crack everything at once trivially" level, like most of 'em.


I agree. They certainly do not have an administrative login with the password "admin" frozen in firmware for anyone to use as their hack port. There is a Chinese outfit that has many millions of devices out with this unique feature and they have no way to withdraw them either. Those are the ones being used in the DDoS attacks. Some say that it is perhaps intentional and not an accident.


----------



## KmH (Nov 2, 2016)

I got an email from AGR today regarding not being able to log in to the Buy Points For Yourself page to buy AGR points.



> We are currently experiencing technical difficulties with our partner, Points.com. We are aware of the problem and are currently working to resolve this issue.


----------



## dlagrua (Dec 28, 2016)

I don't have much interest in buying points at a higher price than the redemption rate but I can't get into that area of the AGR web page even if I wanted to buy them. The password gets me into AGR but not into the Buy points section. Buying points is a losing proposition but if they ever go with the 50% bonus I may buy some points again to make up shortages. As it is now I am locked out but really don't care.


----------



## KmH (Jan 1, 2017)

I had that problem too - until I enabled 3rd party cookies in my browser.

With 3rd party cookies disabled I could not get to the points buying page.


----------



## Railroadgoddess (Jan 10, 2017)

Not being able to purchase points is definitely a cookie problem. Once you've enabled cookies (you may need to also clear old cookies) you should be all set.


----------

