Originally Posted by
asovse1
If they introduce 2FA, the bar is set so high that I'm fully expecting super advanced tools (that really aren't that hard to implement) like time-based keys, hardware key support, passphrase support (not really 2FA tho) atop the usual SMS/email offerings (which are still pretty insecure)
They're actually
impossible to implement, or at least to do so meaningfully. The entire travel industry is premised upon being insecure -- that's how you can have a travel agent do things on your behalf. All you need to have to cancel a reservation is a record locator and a last name, and that's very much by design.
Now, could they implement 2FA for making bookings -- sure, I guess. It's possible that somebody is stealing UA login credentials to try to book airfare for somebody illicitly. The thing is, there's not much of a market for that, because ultimately you're going to have to link it to a passenger. There's no anonymity in air travel, so there's not much of a market for fences.