Strong Authentication

Most of us are familiar with the 6-character airline reservations numbers. Today it is almost impossible to travel without one. They uniquely identify a booked trip (which may include multiple tickets) and any related action requires that number. Check-in, itinerary change, cancelation... 

To make sure the reservation number is used by an authorized person, airlines typically ask for a surname, before allowing any changes. But the surname is rarely a secret. So when someone shares the ticket information which includes the reservation number, basically anyone can access that reservation. Twitter is full of stories when a person innocently posted a flight ticket only to realize someone called the airline to cancel her flight. Hard to say tru or fake but possible nonetheless. So be careful.

It seems now at least some airlines learned the lesson and have rolled out additional authentication steps, such as a temporary code. So unless you have your email account hijacked, this additional protection should work well. But still majority of airlines do not implement this extra security step.

Of course email hijacking is an entirely another story. Emails today contain tons of private stuff, including private stories, and are increasingly used to authenticate logins and password resets. So while many people do not see it this way, protecting access to an email account is probably the most important aspect of securing your digital twin.