Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > United Airlines | MileagePlus
Reload this Page >

UA initiates Account Security Update (Security Q&A authentication added 2016)

UA initiates Account Security Update (Security Q&A authentication added 2016)

Old Feb 13, 16, 9:19 pm
  #136  
 
Join Date: Aug 2012
Location: SLC
Programs: DL FO, KM, & 1.7MM; UA nothing; HH♦; National EE
Posts: 6,344
Originally Posted by jsk1973
This is probably the busiest travel site on the internet and the thread is only four pages long, which suggests the problem is mostly isolated to a small percentage of users.
Not everyone visits the website every day. I happened to have some flights on UA this week so I visited the website, but was too busy to deal with it then. I'm guessing many people have just pushed it off until later.
Howste is offline  
Old Feb 13, 16, 9:21 pm
  #137  
 
Join Date: Mar 2012
Programs: Mileage Plus 1K; Marriott Platinum; Hilton Gold
Posts: 6,354
Originally Posted by jsk1973
This is probably the busiest travel site on the internet and the thread is only four pages long, which suggests the problem is mostly isolated to a small percentage of users.
Or, the alert not to fall for the security enhancement set off by the early victims in this thread has left a lot of folks out there like me rejecting the requests to update my security profile and hoping that there can be a fix or a postponement before the 30 day mandatory migration to the new password and security.
transportprof is offline  
Old Feb 13, 16, 9:24 pm
  #138  
A FlyerTalk Posting Legend
 
Join Date: Apr 2004
Location: GVA (Greater Vancouver Area)
Programs: DREAD Gold; UA 1.034MM; Bonvoy Au-197; PCC Elite+; CCC Elite+; MSC C-12; CWC Au-197; WoH Dis
Posts: 51,469
Originally Posted by UA Insider
Youll only be prompted to create a new password if your existing password doesnt already meet the requirements of being a minimum eight characters including at least one letter and one number.
This statement proves that United's systems are inherently insecure, as the only way to know that is to have the passwords stored in plaintext somewhere.
mahasamatman is offline  
Old Feb 13, 16, 9:31 pm
  #139  
 
Join Date: Jan 2008
Location: EAU
Programs: UA 1K, CO Plat, NW Plat, Marriott Premiere Plat, SPG Plat, Priority Gold, Hilton Gold
Posts: 4,700
Originally Posted by jsk1973
This is probably the busiest travel site on the internet and the thread is only four pages long, which suggests the problem is mostly isolated to a small percentage of users.
The accounts getting locked up is probably a small percentage of users, but the poor design is a problem for everyone.

There isn't a bigger blowback on it because your average user has no idea how bad the design is anymore than they understood that being able to log in with a 4-digit PIN is bad.


If a nefarious party gets a list of FF#'s and names, they could cause a LOT of problems for United.
raehl311 is offline  
Old Feb 13, 16, 9:51 pm
  #140  
Suspended
 
Join Date: Sep 2014
Posts: 3,072
It's unfortunate that some people are having problems, but it seems highly unlikely that United is seeing anything other than a minor percentage of customers being locked out of their accounts. If the transition was going that poorly, they would have shut off the new system already so the problems could be fixed.
jsk1973 is offline  
Old Feb 13, 16, 10:00 pm
  #141  
 
Join Date: Feb 2005
Location: SJC/SFO
Programs: UA GS & Million Miler, AA Lifetime Gold (MM)
Posts: 206
Mine certainly seemed to go fine ... although some of the security question options triggered a "..." response!
Goaliedad30 is offline  
Old Feb 13, 16, 10:08 pm
  #142  
In memoriam
 
Join Date: Mar 2000
Location: IAD, BOS, PVD
Programs: UA, US, AS, Marriott, Radisson, Hilton
Posts: 7,203
Originally Posted by whitethunder
I answered the new five questions (and I like how they pre-fill answers for you)

No password reset needed for me here in the great white north!!
I can't answer five questions with legitimate answers, and I can
answer only one or two with the choices offered, so I had to make
up responses, and I'm likely to forget what I said. So pooh pooh
to you, and that's what I shall say!

My password didn't qualify according to the new rules, so reset
was required.
violist is offline  
Old Feb 13, 16, 10:13 pm
  #143  
 
Join Date: Mar 2010
Location: DAY
Programs: UA 1K 1MM; Marriott LT Titanium; Amex MR; Chase UR; Hertz PC; Global Entry
Posts: 9,400
Originally Posted by raehl311
After checking what happens when you put in a wrong answer to the security questions, I got an email saying my account was locked from any logins at all until I call 1-800-421-4655.

So those of you who can't get into your account might try calling that number.

Has to be between 7 AM and Midnight central.
Originally Posted by Dub
You are kidding! I have to call them??? This is insane!
Unbelievably stupid if true. And only between 7AM and Midnight Central Time? Did United IT forget it was a 24 hour, global Airline or something?

Originally Posted by jsk1973
This is probably the busiest travel site on the internet and the thread is only four pages long, which suggests the problem is mostly isolated to a small percentage of users.
Reported in the thread that Agents are admitting a lot of calls about this.

When I saw that it was optional for the next 30 days, you bet I am staying away from this for awhile. Sorry for those dealing with it, but thanks for taking the fall for us late adopters.
goodeats21 is offline  
Old Feb 14, 16, 12:35 am
  #144  
 
Join Date: May 2004
Location: Sacramento, CA
Programs: UA former 2P
Posts: 33
Clearing all my united cookies seemed to have cleaned up the logging in/being logged out when trying to search for flights.
Troy_smf is offline  
Old Feb 14, 16, 4:16 am
  #145  
 
Join Date: Nov 2008
Location: Washington, DC
Programs: United Premier 1K 1MM; AA Plat Pro; Hyatt Globalist; Marriott Platinum; Avis President's Club
Posts: 2,479
I don't mind these changes but I wish UA would alert all users of the change so they are more aware. Their IT systems still leave a lot to be desired...
mh3265a is offline  
Old Feb 14, 16, 9:35 am
  #146  
FlyerTalk Evangelist
Four Seasons Contributor BadgeMandarin Oriental Contributor Badge
 
Join Date: Feb 1999
Location: Seat 1A, Juice pretty much everywhere, Mucci des Coins Exotiques
Posts: 34,338
Wow, I guess this idiotic security question thing is becoming a trend. First Starwood, now United. Two websites that I am no longer able to use.

Why are the people who made these decisions so narrow-minded? Why can't they conduct a survey to see that perhaps, just maybe, the whole world doesn't think the same way they do? You know what websites will never engage in this stupid behavior? Bank websites. And they have vastly better security than these travel companies.
stimpy is offline  
Old Feb 14, 16, 9:38 am
  #147  
 
Join Date: Jul 2003
Location: BOS, PVG
Programs: United Global Services and 1MM, Marriott Ambassador
Posts: 9,825
Thumbs down

Originally Posted by raehl311
I didn't want to mess with my account, so I created a new one to see how this worked.

My god, I didn't realize how bad this is!

United majorly screwed the pooch on this.

Right now, we have 4-digit PINs, which we all know are insecure, because there are only 10,000 possible combinations of 4 digits.

The NEW system:

- Click Forgot Password, enter Mileage Plus number and Name.
- Answer two security questions, each with 10 possible answers displayed.
- Pick a new password.

DOES NOT EVEN EMAIL YOU A LINK TO CLICK ON!

For those who are really bad at math, two questions with 10 answers is 100 possible answers.

So to "improve" the security of a system with only 10,000 possible answers, we replaced it with a system with 100 possible answers. 99% less secure.


Some people at United IT really, really, really need to be fired over this.
Completely agree.

Can we complain to UA CEO Oscar?

He needs to fire this idiotic and incompetent UA IT team.

The new ual.com is bad enough.

Now this stupid "security update" makes things even worse.
kb1992 is offline  
Old Feb 14, 16, 9:48 am
  #148  
FlyerTalk Evangelist
Four Seasons Contributor BadgeMandarin Oriental Contributor Badge
 
Join Date: Feb 1999
Location: Seat 1A, Juice pretty much everywhere, Mucci des Coins Exotiques
Posts: 34,338
Then again, maybe these moves by United and Starwood are attempts to wean people off the web. Both of their iOS apps work just fine and don't require these stupid questions. It would be nice to remove all their web development costs and focus just on mobile apps. Or am I attributing too much intelligence to these outfits?
stimpy is offline  
Old Feb 14, 16, 10:21 am
  #149  
 
Join Date: Dec 2007
Location: Now:AUS (again); Previous: LGA/EWR (BLKYN, missing JFK), AUS, SAT
Programs: Current: UA-Silver, Former AA Plat, DL Silver
Posts: 593
Originally Posted by FlytheTail
It appears that if you know the MP number and the first and last name, it's even easier. When trying to reset your password, they've reduced the number of options to 10 per question, so with two questions, there are only 100 possibilities.

But, my answer is always listed twice for the first question, so if that's consistent, it could be as little as 1 in 10 to get into someone's account -- and reduced with multiple attempts.

This is such a major fail -- there must be a complete lack of common sense as well as proficiency in the IT group.
Between the FUBAR'd SHARES switchover, the ongoing Aero problems, the ongoing website problems, the ongoing iPhone app problems, and now this absolutely LOLzy security "upgrade" I'm absolutely stunned anyone at United IT still has a job.
ndhapple is offline  
Old Feb 14, 16, 11:25 am
  #150  
 
Join Date: Apr 2015
Programs: United Global Services, Amtrak Select Executive
Posts: 3,794
Originally Posted by mduell
I can't even login to my account to get the new questions... the login button just refreshes the tile in the same not-logged-in state with no error message.
For those having trouble logging in from the main page tile, try logging in using this page instead:

https://www.united.com/web/en-US/app...t/account.aspx

That worked for me when I coulnd't log in from the main page tile.
physioprof is offline  

Thread Tools
Search this Thread