AGR Website

[printman2000]

Are your devices using the same internet connection? Perhaps it is an issue with your router or ISP.

 

[bratkinson]

Are your devices using the same internet connection? Perhaps it is an issue with your router or ISP.

Fantastic idea! I hadn't considered of that.

So, about an hour ago, I tried using my cellphone to connect and sign in to AGR while sitting in Lowes parking lot and with the Wifi turned off thereby forcing my Tracfone to use some prepaid data. I successfully got into the Amtrak app with no problem. Clicked 'Go To Amtrak Guest Rewards' and got 'failed connection due to incorrect data from website' or something like that after about a minute. Tried a couple more times and failed each time. So I turned on the Wifi and used Lowes free Wifi connection and got the same result as at home... the 'spinning wheel forever'.

What's even MORE interesting is that I couldn't remember the verbage 'Go To Amtrak Guest Rewards' so I tried my cell phone at home...NOW I've LOST over 6,000 points from 54K to 48K since logging on at Lowes! At least my Windows computer still shows 54K points....for now.

They are definitely going to HEAR from me tomorrow since I have no other way to contact them. Now all I have to do is remain civil while talking with the poor soul whose head I'm about to take off.

 

[bratkinson]

I called AGR earlier today. Deborah seemed friendly and interested in my problems and gave me the 'official' point and coupon totals which is reported on the Amtrak.com screen vs the -6K version on the Amtrak app on my cellphone. She said she would pass the info to their tech support staff. Hopefully, they'll get the problems fixed sooner rather than later.

 

[Acela150]

Macbook Air, El Captain (OS 10)
Chrome, Ver 74.xxx
No problems

I have the same software, just I’ve been using Safari. I’ve had on and off issues. I personally wish they would bring back the old version of AGR’s webpage.

 

[bratkinson]

Just as an experiment today, I tried a friends' Apple laptop to see how well it did, or didn't do with the AGR website signon. Same results as I get at home.

We both have the same ISP - Charter Cable. Perhaps they've instituted some kind of popup blocker that prevents the popup from AGR? Maybe AGR did something to the account screen that Charter automatically blocks?

I refuse to let this die. Not being able to buy points, for example, with the current 'up to 50% bonus' is frustrating. Not being able to see if all my travel segments have posted is quite annoying, especially since I bought a ticket at the Joliet Amtrak station a couple weeks ago and they were struggling to get my AGR number input as my train was arriving...

Anyone here have OK access to their AGR account AND have Charter Cable?

 

[Ryan]

No issues here, macOS Mojave (10.14.6 beta)/Safari (12.1.2).

 

[slither]

I can get to all areas of my account when I am logged in except for My Account Overview section. Called AGR yesterday and they didn't seem to be very interested in offering help. They said it must be on our end, your about the fifth or sixth call I've had today in regards to that issue. Just try again later or tomorrow. Any ideas ?

 

[bratkinson]

I can get to all areas of my account when I am logged in except for My Account Overview section. Called AGR yesterday and they didn't seem to be very interested in offering help. They said it must be on our end, your about the fifth or sixth call I've had today in regards to that issue. Just try again later or tomorrow. Any ideas ?

Just for kicks, I tried yet another friends Windows 7 computer on Charter cable today. Still unable to login to AGR. I also re-tried my Android cell phone while sitting in Taco Bell in Connecticut. Same result.

And for more kicks...just now, I tried logging on from my Windows XP computer using Firefox. I haven't been online with that computer in several years. At www.Amtrak.com, Firefox report that AMTRAK was using an outdated security configuration and therefore refused to connect. Firefox then reported it needed to be updated, which I did. Again, I tried www.Amtrak.com and got the same outdated security configuration message. Chrome refused to install on XP, so I couldn't see what Chrome would do.

Hopefully, tomorrow or Tuesday, I'll get a chance to try a friends Win 7 computer but he's on Kommie Kast (Comcast - it's a long story) and if it works there, then it's a Charter Cable problem. If it doesn't work there, then it's an Amtrak Guest Rewards problem. That's what it's down to, in my opinion.

Worst case scenario - I got a 3.5 hr layover between trains in WAS on July 8th. Perhaps if I knew which door to 'stick my head in' and raise a stink would get some results. Any suggestions?

 

[AmtrakBlue]

Try clearing the browser/cache on your XP/Chrome computer. It may be trying to hook up to the old amtrak.com site.

 

[Aegis]

I have all the same issues.. Mac Mohave 10.14.5. I also tried a chrome book, nothing works.. I want to book a trip in Oc/Nov hopefully they get this fixed soon..

 

[PRR 60]

No problems here with Windows 10 / Chrome. Seems like it's not a global issue since only a handful of users are reporting a problem.

Have you tried doing a passward reset on amtrak.com? Use the full reset from the "Forgot password" link in the sign in popup. It is possible that some accounts had issues when the old AGR website was merged with the main Amtrak page and that there are conflicting passwords in the system. Just a thought.

 

[bratkinson]

I just did the 'forgot password' thing. Same results. For what it's worth, I now have to have a 10 character password vs the simple 8 character with no caps and no special symbols I used to have. It'll take me a while to get the new one 'automatic'.

And yes, I type it every time. Auto-entered passwords and 'password keepers' all have one major flaw. If someone hacks YOUR computer, they now have access to everything...bank accounts, stock accounts, pension plan, etc. No thanks. And although I keep frequent backups of the important stuff on my computer, an SSD or hard drive failure would put most users 'out of business'. The same would be true if you lost your cell phone. Not for me.

 

[Ryan]

That actually makes you far less secure.

Passwords are stolen server side all the time, and when you memorize and type every time, you tend to reuse passwords and the passwords are shorter and easier to crack.

My auto generated, auto filled, 20 character gibberish passwords are unique to each site and put me at far less risk when someone’s password database is compromised. The probability of a bad actor going after your specific machine is orders of magnitude less than the certainty that your passwords have been compromised on the server side.

A decent article on the topic: https://www.washingtonpost.com/tech...-have-security-flaw-you-should-still-use-one/

 

[Devil's Advocate]

I just did the 'forgot password' thing. Same results. For what it's worth, I now have to have a 10 character password vs the simple 8 character with no caps and no special symbols I used to have. It'll take me a while to get the new one 'automatic'. And yes, I type it every time. Auto-entered passwords and 'password keepers' all have one major flaw. If someone hacks YOUR computer, they now have access to everything...bank accounts, stock accounts, pension plan, etc. No thanks. And although I keep frequent backups of the important stuff on my computer, an SSD or hard drive failure would put most users 'out of business'. The same would be true if you lost your cell phone. Not for me.

Data sets protected by eight and ten character passwords can be cracked in minutes when subjected to a targeted brute force attack. Which is why the IT industry changed "password" to "passphrase" around two decades ago. Online password keepers are fine for any account that won't bankrupt you if compromised. Offline password keepers are good for critical accounts. The weakest link in the security chain is the password reset email address. I could go into more detail but a culture that still can't comprehend why birthdays and Social Security Numbers should not be used as private identification probably isn't worth protecting in the first place.

 

[bratkinson]

I agree that shorter passwords can be easily cracked. Fortunately, many web sites have a '3 strikes and you're out' mechanism. So using the 'forgot password' mechanism to ones' email requires intercepting the email to work. I did that by mistake on my Social Security account a couple years back. So I clicked 'email me',,,,etc. Unfortunately, I had changed internet providers and therefore my email address since I had previously logged on to the SS website. I ended up going to the Social Security office, proving who I was, and having them 'reset' my password to something that had to be immediately changed when I logged on at home. At least I could easily get to a human to straighten things out. Try connecting to a live person at Ebay or Paypal. Nearly impossible. Banks and credit card companies are comparatively easy to get to someone 'real', even if they're in New York City.

Yes, if my computer is hacked with some kind of keyboard monitor, they can intercept the email, and go from there. For what it's worth, my passwords vary from 8 characters to 19 characters, using a combination of scripture references and special characters. My longest passwords are for bank and credit card sites as well as ebay and Paypal. So knowing my birthday, my wife or childs' name, or even my dogs' name won't work as a basis to crack my passwords.

 

[Chessie]

The Amtrak app is slow to update my points while the website has always been quickly up to date (knock on wood). I wonder why? Are they pulling data from different databases?

 

[pennyk]

On Facebook, I just saw the following "solution" to the AGR issue:

Solution to the Amtrak Guest Rewards continual "LOADING" situation.

I contacted Guest Rewards today and was able to finally make a needed correction so that my AGR would load. On my desktop with Chrome, I signed on to Amtrak.com. There should be a link at the top of the page to Guest Rewards. In Windows clicking that will bring up a drop down menu. Click PROFILE and then go to "Discounts". My preferred discount was "Senior". Change that to "ADULT". Save your profile change. And then sign out.

Sign back on to Amtrak.com and when you click on Guest Rewards on the Drop Down menu click on Overview at the top of the menu and "PRESTO" Guest Rewards loaded completely for me.

Good Luck. Just be sure to change your preferred discount from Senior to ADULT.

 

[bratkinson]

Penny, and all others having this problem. THAT'S THE SOLUTION!! Switching to 'Adult' did the trick!!! I guess being an old geezer now makes it harder to do things! Hallelujah!!!

Not knowing this is the solution, I went to my friends house today who has both Verizon DSL and Comcast Cable as his ISP. I tried his Win 7 computer and his Linux computer using Firefox and Chrome. I even brought my laptop and connected to his Wifi and tried that. All failed.

I've proven by using computers other than my own, it's not computer dependent nor router dependent. Using different browsers proved it's not browser dependent. Using different operating systems proved it isn't operating system dependent. And today, I proved it's not ISP dependent. It is strictly a 100% Amtrak IT problem! Coming up with the workaround proves it is absolutely an Amtrak IT problem.

For what it's worth, I managed to write a lengthy email to Amtrak without signing on describing all the steps I've taken. Surprisingly, it went through. So not being signed on works OK to use the 'contact us' email. When I had tried being signed on, it failed with various script-related error messages.

THANK YOU PENNY for posting this!!!

 

[Devil's Advocate]

Fortunately, many web sites have a '3 strikes and you're out' mechanism.

Nearly every major website that has been compromised in the last decade also enjoyed a multiple failure lockout feature. There are many methods of attack and the user level front end is but one of them. Although relatively unknown at the time, modern email is based on a clear text post card style delivery process born in the 1970's when 99.99% of private communication still lived in the analog realm and cyber crime was a vague threat from a distant future. Even if every email were encrypted it wouldn't change the fact that many major email providers have been hacked repeatedly. The problem with fixing the current system is that none of it was originally designed with dependable end-to-end security in mind, so even our best and brightest solutions are still being built on hollow foundations.

 

[Barb Stout]

Penny, and all others having this problem. THAT'S THE SOLUTION!! Switching to 'Adult' did the trick!!! I guess being an old geezer now makes it harder to do things! Hallelujah!!!

Not knowing this is the solution, I went to my friends house today who has both Verizon DSL and Comcast Cable as his ISP. I tried his Win 7 computer and his Linux computer using Firefox and Chrome. I even brought my laptop and connected to his Wifi and tried that. All failed.

I've proven by using computers other than my own, it's not computer dependent nor router dependent. Using different browsers proved it's not browser dependent. Using different operating systems proved it isn't operating system dependent. And today, I proved it's not ISP dependent. It is strictly a 100% Amtrak IT problem! Coming up with the workaround proves it is absolutely an Amtrak IT problem.

For what it's worth, I managed to write a lengthy email to Amtrak without signing on describing all the steps I've taken. Surprisingly, it went through. So not being signed on works OK to use the 'contact us' email. When I had tried being signed on, it failed with various script-related error messages.

THANK YOU PENNY for posting this!!!

OMG, this is so weird! How ever did they (and who is "they") discover that "work around"? It does seem cruelly ironic, doesn't it?

 

[George K]

That solution just worked for me as well.

On my Mac using 1) Safari, 2) Firefox and 3) Chrome.

Thanks!

 

[Ryan]

Nearly every major website that has been compromised in the last decade also enjoyed a multiple failure lockout feature. There are many methods of attack and the user level front end is but one of them.

This.

The chances of someone attacking your personal system are vanishingly small, whereas the databases that store your passwords server-side (more correctly, hashes of your password that are often able to be reversed) are compromised on a routine basis.

Your best bet for security is a long, nonsensical passphrase, completely unique to every site that you visit. That's impossible to manage in the human brain, ergo the password manager.

 

[bratkinson]

I attribute the problem to a failure of regression testing the web site after changes have been made. These days, there should be a lengthy, automated series of web site test scripts that validates whether or not everything that used to work in a specific way still works the same way after the changes/enhancements were made. The exceptions, of course, should be only what is different as a result of the enhancements. Given the major overhaul to the AGR web site (I never saw it until I could log on yesterday!), I would tend to suspect that somebody (or somebodies) failed to test with a 'senior' passenger type. Perhaps the new AGR side was simply never programed to 'expect' a 'senior' logging in resulting in an internal 'type code' failure.

I also believe the reason for the failure to perform sufficient regression testing is the overwhelming 'requirement' to 'make the implementation date no matter what' attitude that is prevalent today in all large corporations. The world today is 'get it done, get your atta-boys/girls and/or promotions, and move on'. Let the problems and software bugs be handled by the maintenance staff...aka...someone elses' budget.

 

[Devil's Advocate]

OMG, this is so weird! How ever did they (and who is "they") discover that "work around"? It does seem cruelly ironic, doesn't it?

I don't know if this was rhetorical or not but they probably pieced it together by first duplicating the error condition and then parsing through exception flags and event logs. Or at least that's what I would probably do.

These days, there should be a lengthy, automated series of web site test scripts that validates whether or not everything that used to work in a specific way still works the same way after the changes/enhancements were made.

Here is an interesting thought experiment. Try to envision a logical framework for a system "A" that automatically tests every function of system "B" without duplicating nearly all of system B's code and connections.

 

[bratkinson]

Here is an interesting thought experiment. Try to envision a logical framework for a system "A" that automatically tests every function of system "B" without duplicating nearly all of system B's code and connections.

Actually, that's not as difficult as it would seem. Let's use Amtrak.com for an example using my best 'guestimates' and/or SWAGs for numbers...

For profiles, only 'Amtrak employee' (2 possible values) and 'passenger type' (5 possible values) would affect booking. Favorite boarding/destination stations are irrelevant as is name, address, etc.

For tickets, let's use 1000 station codes for easy calculations (1,000,000 station pairs, automatically created and put into a serial table), and a maximum of 50 trains per day one way on each route (NYP-WAS, for example, each train type/consist is coded in the table). Ticketing options include one way/round trip/multi city as well as price options (saver/value/flexible/business) as well as accomodations (Acela First Class/roomette/bedroom/handicap/family), each dependent upon equipment type and are also coded for each specific train # on that route.

Now, it's a simple task to build any quantity of embedded loops (DO, PERFORM, BXLE, etc) to 'spin through' all possible options for each variable. Think of it as a giant 'odometer' where each digit has anywhere from 2 to 1,000,000 possible values and as the least significant position 'rolls over', it increments the next higher position, and so on. For the historians out there, this is the principle of how Alan Turing's Enigma decoding machine functioned.

The 'guts' of the most internal 'spinning digit' would 'place' each value in the appropriate 'box' on the 'internal screen' using X & Y coordinates previously determined from each possible booking screen. When all the positions have been 'filled in', the equivalent of <enter> is simulated and the AMTRAK.COM website does whatever it is supposed to do. Each Amtrak.com screen is numbered for easy comparisons between old and new. The resultant screen would then either be saved and used by a subsequent screen 'compare' program, or else a previously 'saved' screen would be compared on the spot for differences and the differences posted on a file for review.

All of this could be specifically programmed for the progression of Amtrak booking screens. Although more difficult, it could also be programmed 'generically' and manually created tables that could be read in to describe each screen layout (field #1 at X and Y coordinate, etc) and possible values for each data box, by screen number, recorded in individual tables. Of course, the 'progression' of one screen to the next must also be put in tables that are cycled through for each iteration and following through the progression of resultant screens until 'click to book' and booking confirmation.

I know what I wrote above is all gibberish to most of those who read it. In my application programming days, I've programmed scientific 27 dimensional space problems, real time 3-D graphics, and even 10 dimensional arrays (think of X/Y/Z coordinates of items in a case of items, then cases piled up in a container X/Y/Z, and containers loaded on a ship X/Y/Z, and so on. Each specific item could be located by 9 unique coordinates), and, of course a large number of computer language and/or online and/or database translators. Using lookup and conversion tables was a way of life in my working days.