Company Representative, United Airlines
Join Date: May 2006
Location: Chicago, Houston, or somewhere in between
Posts: 2,179
Hi everyone,
We’ve been monitoring this thread and taking your feedback into account and have made some quick changes to fix issues you have identified. We also want to use this as an opportunity to answer some of the common questions we have seen on this thread. If you have any other questions, please let us know and we will work with our IT Security team to address them where possible.
"Why can't I type my own answer?"
-At the beginning of our effort we conducted a great deal of research into the security issues our customers face. We found that the vast majority of security issues that customers have with their accounts can be traced to computer viruses that record your typing.
-We purposely chose to use preregistered answers as our first form of enhanced authentication to protect against this keystroke logging. We need to ensure that all of our customers have a high degree of security and our research also indicated that some customers had self-entered security answers that would be very easy to guess.
-Not all customers are asked the same questions, and not all customers receive the same potential answers to each question. This randomization is on purpose and designed for your safety and security.
"Why aren't you applying Two Factor Authentication (TFA)?"
-We plan to. Two Factor Authentication will be coming this year.
"What about SMS authentication, or Touch ID, or Google Authenticator?"
-We began with security questions first as not all customers can receive SMS messages, use Touch ID, or have an Authenticator app. You should expect some of these options to appear in the coming year.
“Can't these questions be guessed from Facebook?”
-We hope not! We designed the questions to be difficult to answer through your social media accounts, which is why they may seem peculiar. If you're not sure, try to answer two of your own questions selected at random about a Facebook friend of yours selected at random. We played this game quite a bit during the development program and found it very difficult.
-Some of the questions we ask have some obvious answers omitted. This is on purpose and designed for your safety and security.
"Are you using my answers to these questions for Marketing purposes?"
-No. Your answers are stored encrypted and are not accessible for any purpose other than authenticating you.
-Additionally, your password is encrypted in transit and at the point of storage and is not stored in plain text on United's systems under any circumstances.
"Why wasn't I asked to update my password when someone else was?"
-As part of the account security upgrade launched last week, our system would evaluate your encrypted password and not bother you to update your password if it met our criteria. We have taken into account your feedback provided over the last week and the account security upgrade process now asks all customers to update their password. This should assist those customers who cannot immediately recall their password.
-If you forget your password, the forgot password link on United.com should permit you to reset after answering two of your five security questions.
"I am having trouble logging in after going through the account upgrade process. Any ideas?"
-We are actively working on fixes for a very small number of customers who have login difficulty and for another small number of customers who have difficulty setting questions. We should make the necessary improvements soon, but in the mean-time if you clear your browser cookies for United.com we believe you will have better success.
“How can I view the questions I set up?”
-In order to protect the security of your account, we do not display the questions and answers you set during the security upgrade process. You can always update your questions by visiting the “Change Security Questions” page on the Profile Management screen on United.com.
Thank you,
-UA Insider