UA initiates Account Security Update (Security Q&A authentication added 2016)
Feb 17, 2016, 5:49 pm
#196
Join Date: Oct 2011
Location: NYC
Programs: UA GS, SPG Plat, National EC Executive (Replaced Hertz), Hertz PC (Retired)
Posts: 724
No. That cost money because they have to text you. You have to be running a business where you can spend a quarter on your customer for each $250.00 they spend at your business. And you need to have a rudimentary understanding of security. And you have to really have a modern website. And ...
Lots of people travel internationally. Many land and don't have access to cell service but do have access to wifi. You're creating a potentially stranding burden on some people.
Feb 17, 2016, 6:07 pm
#197
FlyerTalk Evangelist
Join Date: Aug 2015
Posts: 11,462
That said, I don't think it would be a bad idea to allow opt-in for a 2-step.
Feb 17, 2016, 6:15 pm
#198
Join Date: Nov 2013
Location: NYC / TYO / Up in the Air
Programs: UA GS 1.7MM, AA 2.1MM, EK, BA, SQ, CX, Marriot LT, Accor P
Posts: 6,317
I think you missed the point - it costs real money to authenticate this way - for both UA and the end user without any guarantee they will receive - as you correctly point out....
Feb 17, 2016, 6:26 pm
#199
FlyerTalk Evangelist
Join Date: Feb 1999
Location: Seat 1A, Juice pretty much everywhere, Mucci des Coins Exotiques
Posts: 34,339
There exists 2 factor auth that has zero financial or resource burden on the user. You can simply send an encrypted pop up window or frame on an app that requires an extra set of numbers or whatever. That isn't at all difficult when traveling. It is just an extra 10 seconds or so. And that would have been a better choice than these stupid questions.
However when it comes to UAL IT costs, it's clear they chose the cheapest option to make it look like they care about security.
However when it comes to UAL IT costs, it's clear they chose the cheapest option to make it look like they care about security.
Feb 17, 2016, 7:41 pm
#200
Moderator: United Airlines
Join Date: Jun 2007
Location: SFO
Programs: UA Plat 1.995MM, Hyatt Discoverist, Marriott Plat/LT Gold, Hilton Silver, IHG Plat
Posts: 66,854
However, let's not get into a long drawn out discussion 2 factor authentication -- let's focus on UA related issues.
Feb 17, 2016, 8:07 pm
#201
FlyerTalk Evangelist
Join Date: Feb 1999
Location: Seat 1A, Juice pretty much everywhere, Mucci des Coins Exotiques
Posts: 34,339
While in no way defending UA IT, 2 factor authentication's adoption rate has been extremely low because the public feels it is too much of a bother. In fact presently no one I do business with uses 2 factor authentication for anything except a few which use it for password changes, none for normal access. UA is far from alone in lack of this.
However, let's not get into a long drawn out discussion 2 factor authentication -- let's focus on UA related issues.
However, let's not get into a long drawn out discussion 2 factor authentication -- let's focus on UA related issues.
And as for 2 factor auth, two of the banks I use have it. One uses the Secure ID route and the other uses the web/app scheme that I described above. So it does exist with businesses that have millions of online retail customers.
Feb 17, 2016, 9:39 pm
#202
Join Date: May 2000
Location: VA USA IAD\DCA
Posts: 573
This is the problem with how united is implementing the security questions. They should contain answers only you know. The entry for an answer should be blank, filled in by the user and encrypted (communications and storage). By forcing us to choose from a preselected group of answers you are more likely to have them known by others if you have a strong preference for one over the others. If you have trouble choosing an answer from the choices presented then you are more likely to forget. Writing the answers down is a no no like with a password. Another problem I have with the use of preselected answers is the potential for profiling customers to shape product offerings and pricing. I prefer to use my own answers that are random and unique, easy to remember while not useful to others.
V/r,
-Cyborg
V/r,
-Cyborg
Feb 17, 2016, 10:37 pm
#203
Join Date: Feb 2013
Location: Miami, FL
Programs: UA 1MM, AA Plat, Marriott LT Titanium, Hyatt Glob, IHG ♢ Amb, Hilton ♢, Hertz Pres
Posts: 6,017
I can't even login. Just says to call Mileage Plus. ...?! How am I supposed to manage reservations and book a flight? Silly United.
Feb 17, 2016, 10:47 pm
#204
A FlyerTalk Posting Legend
Join Date: Apr 2004
Location: GVA (Greater Vancouver Area)
Programs: DREAD Gold; UA 1.035MM; Bonvoy Au-197; PCC Elite+; CCC Elite+; MSC C-12; CWC Au-197; WoH Dis
Posts: 52,140
Feb 18, 2016, 12:03 am
#205
FlyerTalk Evangelist
Join Date: Dec 2003
Location: Benicia, California, USA
Programs: AA PLT,AS,UA PP,J6,FB,EY,LH,SQ,HH Dmd,Hyatt Glbl,Marriott Plat,IHG Plat,Accor Gold
Posts: 10,820
Answered my five security questions (and I agree, what a stupid selection they are). Not given any chance to update my password.
The next time I tried to log in, I couldn't get into the site because neither my pin (as per the new rules, so no surprise) or my password (now that's the surprise) accepted. So I go to "forget password," and in turn to the new security questions. But I get caught in a loop between two questions (favorite outdoor activity and first car, FWIW), but the questions keep cycling between the two whenever I answer one. In other words, I wasn't allowed to proceed further in order to get a password email sent to me.
Finally, called MP and fortunately reached someone without having to wait. He issued me a new temporary password, which I in turn used to establish a new password. So a solution!
But still a hassle in that even after logging into the site, I had to again enter my MP # and password to access My Account.
The next time I tried to log in, I couldn't get into the site because neither my pin (as per the new rules, so no surprise) or my password (now that's the surprise) accepted. So I go to "forget password," and in turn to the new security questions. But I get caught in a loop between two questions (favorite outdoor activity and first car, FWIW), but the questions keep cycling between the two whenever I answer one. In other words, I wasn't allowed to proceed further in order to get a password email sent to me.
Finally, called MP and fortunately reached someone without having to wait. He issued me a new temporary password, which I in turn used to establish a new password. So a solution!
But still a hassle in that even after logging into the site, I had to again enter my MP # and password to access My Account.
It's nice to know, though, that they're monitoring this thread, presumably to try to fix the glitches. Kudos to them for that much.
I suppose that those experiencing more problems can contact United Digital Insider by first searching for them in the search box above and then pming them.
Feb 18, 2016, 8:19 am
#206
Join Date: Jan 2008
Location: EAU
Programs: UA 1K, CO Plat, NW Plat, Marriott Premiere Plat, SPG Plat, Priority Gold, Hilton Gold
Posts: 4,712
If answering the security questions correctly allows for a password reset, in general, not a good idea - but if it just causes you to be sent a text or email that then you then use to reset your password, much better.
And if you're trying to get to the United website, you're on the internet, and can get email.
While in no way defending UA IT, 2 factor authentication's adoption rate has been extremely low because the public feels it is too much of a bother. In fact presently no one I do business with uses 2 factor authentication for anything except a few which use it for password changes, none for normal access. UA is far from alone in lack of this.
Two-factor login for any and every login is inconvenient. But it would be smart to have for password resets.
Regardless, having inane security questions with drop-down menus that allows an immediate password reset is an extremely horrible implementation. Regardless of the merits of other options available, this option is unforgivable, period.
Feb 18, 2016, 8:24 am
#207
Join Date: Feb 2009
Location: SEA
Programs: UA SP, DL SM MM, AS 75K, SPG Platinum, Hyatt Diamond.
Posts: 2,596
I just thought the questions were stupid. Hardly any of them had I ever given a second thought to, and most of them I didn't have a single "obvious" pick. My favorite movie genre? With answers to chose from like "Action" and "Adventure" I can see not remembering your choices with most of the questions to be a very common issue. It was just stupid and poorly thought out.
Feb 18, 2016, 9:16 am
#208
Join Date: Nov 2013
Location: NYC / TYO / Up in the Air
Programs: UA GS 1.7MM, AA 2.1MM, EK, BA, SQ, CX, Marriot LT, Accor P
Posts: 6,317
Thank goodness I read this thread while I was in Europe and didn't change anything until today. I set up my questions and then it never asked me to set a password - but since I read this thread I went into account settings right away and set my password - and everything worked the way it should with no issues - if I had just logged out I'm certain I would not have been able to get back in to my account - and I leave for Asia tomorrow...
Thanks FT!
Thanks FT!
Feb 18, 2016, 9:33 am
#209
Join Date: Feb 2009
Location: SEA
Programs: UA SP, DL SM MM, AS 75K, SPG Platinum, Hyatt Diamond.
Posts: 2,596
Thank goodness I read this thread while I was in Europe and didn't change anything until today. I set up my questions and then it never asked me to set a password - but since I read this thread I went into account settings right away and set my password - and everything worked the way it should with no issues - if I had just logged out I'm certain I would not have been able to get back in to my account - and I leave for Asia tomorrow...
Thanks FT!
Thanks FT!
Gotta love UA IT. Good work on this one guys.
