Originally Posted by
Bonehead
Ok, but as it has been pointed out, users don't use their MP# on any other sites. The trouble likely stems from folks having a username/password to access their UA accounts that is the same as the combination that they use on numerous other sites. The MP#/PIN is therefore potentially much safer from hacks on other sites that would yield troves of usernames and passwords.
There are two issues here:
Users using the same user/password for multiple sites: doesn't impact me, I don't do that.
United using a 4 digit number to allow access to an account: I care, because that directly impacts me. This is my problem with their security.
When (not if) United gets their customer database taken, everybody's accounts will be accessible.
If they used real security (like requiring a real password and disallowing PINs), only people who chose poor passwords would get compromised.
Those that chose properly random string passwords would be unaffected.
There's a reason no online bank lets you login with just your ATM PIN.