FlyerTalk Forums - View Single Post - UA initiates Account Security Update (Security Q&A authentication added 2016)
Jan 27, 2023, 12:32 am
  #614  
jsloan
Originally Posted by dmurphynj
Is it, though?

What's the difference, realistically, from having an OTP token in, say, Google's authenticator app, and the generator built into the United app? It'd still do the over-the-wire authentication, which is the important part.

What's the security advantage of flipping back and forth between the authenticator app and the United app at login?

Now --- in theory, SHOULD you be using an OTP token on the same physical device you're authenticating? Not really, no. But that's - in practicality - what happens.

So what's the advantage?

At least with the separate app, you could, in theory, be logging into the website on a different device than you're using for communication. When it's part of the same app, there's no chance of it at all, and then it's completely pointless. Anyone who can access the app can also access the OTP.