FlyerTalk Forums - View Single Post - Suspended MP Accounts / Username Access Disabled / 3rd Party Security Breach-Dec 2014
Thread: Suspended MP Accounts / Username Access Disabled / 3rd Party Security Breach-Dec 2014
View Single Post
Old Feb 19, 2015, 7:47 am
  #130  
Bonehead
FlyerTalk Evangelist
 
Join Date: Jun 2003
Location: DEN
Programs: UA MM Plat; AA MM Gold; HHonors Diamond
Posts: 15,866
Originally Posted by Kingston
Compromised accounts come from brute forcing or password lists against an offline copy of the accounts database usually acquired through some other exploit.
So while no one is attacking your account with the live United system (and getting locked out), if anyone gets the password tables (even if hashed and salted) pins are trivial to break.
And most companies like to not disclose unauthorized access to these credentials.
Four digit credentials are terrible. Period.
If someone has a list of passwords and PINs, what's the difference?

Since about three failed login attempts locks the account, the hysteria regarding PINs seems a tad overblown.
Bonehead is offline  
Reply