Originally Posted by
unavaca
It's a free and open standard. There's no license cost to use, implement, or maintain. UA chose not to do it.
Or, perhaps more likely, didn't know about it or didn't pursue the option. Using it with 1password makes my life infinitely easier for many parts of the Internet, but, unfortunately, United followed the path of many weak financial authentication approaches and didn't go with 2 factors. Frankly, it's ridiculous. If consultants did this, demand the fees back. If internal staff, get more knowledgeable security staff.