My usual miles & points tracking site started getting an error from Club Carlson. It seems they wanted a new password to be set, and the process was painful enough that it deserves calling out. If there's a Carlson rep here, you may want to escalate this one: The website insisted on sending a password reset email; it wasn't enough to login using the old password. That email was sent as HTML-only. Copying and pasting the link from the email did not work: there was a parameter embedded in the href tag that was needed to make things work. And the password rules were overly robust for the threat model. It was a fair bit of pain to maintain an otherwise very low-touch relationship. If I didn't have a stash of Carlson points, I'd be tempted to walk away.