Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > United Airlines | MileagePlus
Reload this Page >

UA initiates Account Security Update (Security Q&A authentication added 2016)

UA initiates Account Security Update (Security Q&A authentication added 2016)

Old Feb 17, 2016, 5:49 pm
  #196  
glx
 
Join Date: Oct 2011
Location: NYC
Programs: UA GS, SPG Plat, National EC Executive (Replaced Hertz), Hertz PC (Retired)
Posts: 724
Originally Posted by Michael D
No. That cost money because they have to text you. You have to be running a business where you can spend a quarter on your customer for each $250.00 they spend at your business. And you need to have a rudimentary understanding of security. And you have to really have a modern website. And ...
Sorry, but I disagree that an airline wants 2-factor authentication.

Lots of people travel internationally. Many land and don't have access to cell service but do have access to wifi. You're creating a potentially stranding burden on some people.
glx is offline  
Old Feb 17, 2016, 6:07 pm
  #197  
FlyerTalk Evangelist
 
Join Date: Aug 2015
Posts: 11,666
Originally Posted by glx
Sorry, but I disagree that an airline wants 2-factor authentication.

Lots of people travel internationally. Many land and don't have access to cell service but do have access to wifi. You're creating a potentially stranding burden on some people.
2-factor authentication can be done without cell or wireless signal. However, I agree that it is inconvenient and severely so during international travel.

That said, I don't think it would be a bad idea to allow opt-in for a 2-step.
fumje is offline  
Old Feb 17, 2016, 6:15 pm
  #198  
 
Join Date: Nov 2013
Location: NYC / TYO / Up in the Air
Programs: UA GS 1.7MM, AA 2.1MM, EK, BA, SQ, CX, Marriot LT, Accor P
Posts: 6,582
Originally Posted by glx
Sorry, but I disagree that an airline wants 2-factor authentication.

Lots of people travel internationally. Many land and don't have access to cell service but do have access to wifi. You're creating a potentially stranding burden on some people.
I think you missed the point - it costs real money to authenticate this way - for both UA and the end user without any guarantee they will receive - as you correctly point out....
bmwe92fan is offline  
Old Feb 17, 2016, 6:26 pm
  #199  
FlyerTalk Evangelist
Four Seasons Contributor BadgeMandarin Oriental Contributor Badge
 
Join Date: Feb 1999
Location: Seat 1A, Juice pretty much everywhere, Mucci des Coins Exotiques
Posts: 34,339
There exists 2 factor auth that has zero financial or resource burden on the user. You can simply send an encrypted pop up window or frame on an app that requires an extra set of numbers or whatever. That isn't at all difficult when traveling. It is just an extra 10 seconds or so. And that would have been a better choice than these stupid questions.

However when it comes to UAL IT costs, it's clear they chose the cheapest option to make it look like they care about security.
stimpy is offline  
Old Feb 17, 2016, 7:41 pm
  #200  
Moderator: United Airlines
 
Join Date: Jun 2007
Location: SFO
Programs: UA LT Plat 2MM, Hyatt Discoverist, Marriott LT Gold, Hilton Silver, IHG Plat
Posts: 67,277
Originally Posted by stimpy
There exists 2 factor auth that has zero financial or resource burden on the user. ....
However when it comes to UAL IT costs, it's clear they chose the cheapest option to make it look like they care about security.
While in no way defending UA IT, 2 factor authentication's adoption rate has been extremely low because the public feels it is too much of a bother. In fact presently no one I do business with uses 2 factor authentication for anything except a few which use it for password changes, none for normal access. UA is far from alone in lack of this.

However, let's not get into a long drawn out discussion 2 factor authentication -- let's focus on UA related issues.
WineCountryUA is offline  
Old Feb 17, 2016, 8:07 pm
  #201  
FlyerTalk Evangelist
Four Seasons Contributor BadgeMandarin Oriental Contributor Badge
 
Join Date: Feb 1999
Location: Seat 1A, Juice pretty much everywhere, Mucci des Coins Exotiques
Posts: 34,339
Originally Posted by WineCountryUA
While in no way defending UA IT, 2 factor authentication's adoption rate has been extremely low because the public feels it is too much of a bother. In fact presently no one I do business with uses 2 factor authentication for anything except a few which use it for password changes, none for normal access. UA is far from alone in lack of this.

However, let's not get into a long drawn out discussion 2 factor authentication -- let's focus on UA related issues.
Well this is a UA issue. Like I said above, they chose the cheapest IT route with this scheme. They need to be called out on that. The more the customers bring this up, the better the chance for an improved scheme.

And as for 2 factor auth, two of the banks I use have it. One uses the Secure ID route and the other uses the web/app scheme that I described above. So it does exist with businesses that have millions of online retail customers.
stimpy is offline  
Old Feb 17, 2016, 9:39 pm
  #202  
 
Join Date: May 2000
Location: VA USA IAD\DCA
Posts: 573
Originally Posted by cyborg
This is the problem with how united is implementing the security questions. They should contain answers only you know. The entry for an answer should be blank, filled in by the user and encrypted (communications and storage). By forcing us to choose from a preselected group of answers you are more likely to have them known by others if you have a strong preference for one over the others. If you have trouble choosing an answer from the choices presented then you are more likely to forget. Writing the answers down is a no no like with a password. Another problem I have with the use of preselected answers is the potential for profiling customers to shape product offerings and pricing. I prefer to use my own answers that are random and unique, easy to remember while not useful to others.

V/r,

-Cyborg
The first major city I visited not listed..Guess the answers are UA centric..I doubt if they listed all the cars manufactured in the world nor all the fruits of the world...
AndrewM is offline  
Old Feb 17, 2016, 10:37 pm
  #203  
 
Join Date: Feb 2013
Location: Miami, FL
Programs: UA 1MM, AA Plat, Marriott LT Titanium, Hyatt Glob, IHG ♢ Amb, Hilton ♢, Hertz Pres
Posts: 6,028
I can't even login. Just says to call Mileage Plus. ...?! How am I supposed to manage reservations and book a flight? Silly United.
TravelinSperry is offline  
Old Feb 17, 2016, 10:47 pm
  #204  
A FlyerTalk Posting Legend
 
Join Date: Apr 2004
Location: GVA (Greater Vancouver Area)
Programs: DREAD Gold; UA 1.035MM; Bonvoy Au-197; PCC Elite+; CCC Elite+; MSC C-12; CWC Au-197; WoH Dis
Posts: 52,223
Originally Posted by stimpy
Well this is a UA issue. Like I said above, they chose the cheapest IT route with this scheme.
Actually, free-form answers are probably easier to implement, but they chose the less secure pulldown, so it's a very odd decision.
mahasamatman is offline  
Old Feb 18, 2016, 12:03 am
  #205  
FlyerTalk Evangelist
 
Join Date: Dec 2003
Location: Benicia, California, USA
Programs: AA PLT,AS,UA PP,J6,FB,EY,LH,SQ,HH Dmd,Hyatt Glbl,Marriott Plat,IHG Plat,Accor Gold
Posts: 10,843
Originally Posted by Thunderroad
Answered my five security questions (and I agree, what a stupid selection they are). Not given any chance to update my password.

The next time I tried to log in, I couldn't get into the site because neither my pin (as per the new rules, so no surprise) or my password (now that's the surprise) accepted. So I go to "forget password," and in turn to the new security questions. But I get caught in a loop between two questions (favorite outdoor activity and first car, FWIW), but the questions keep cycling between the two whenever I answer one. In other words, I wasn't allowed to proceed further in order to get a password email sent to me.

Finally, called MP and fortunately reached someone without having to wait. He issued me a new temporary password, which I in turn used to establish a new password. So a solution!

But still a hassle in that even after logging into the site, I had to again enter my MP # and password to access My Account.
FWIW, I got a nice note from United Digital Insider asking about the specific problem I flagged here and my UA MP#, to try to address it. I suggested that they instead focus on doing something about the stupid identification questions they're using and the other website glitches.

It's nice to know, though, that they're monitoring this thread, presumably to try to fix the glitches. Kudos to them for that much.

I suppose that those experiencing more problems can contact United Digital Insider by first searching for them in the search box above and then pming them.
Thunderroad is offline  
Old Feb 18, 2016, 8:19 am
  #206  
 
Join Date: Jan 2008
Location: EAU
Programs: UA 1K, CO Plat, NW Plat, Marriott Premiere Plat, SPG Plat, Priority Gold, Hilton Gold
Posts: 4,712
Originally Posted by WineCountryUA
Perhaps those might not be the best choice for those with Facebook accounts.
Depends what it's used for, and how you use it.

If answering the security questions correctly allows for a password reset, in general, not a good idea - but if it just causes you to be sent a text or email that then you then use to reset your password, much better.

And if you're trying to get to the United website, you're on the internet, and can get email.

Originally Posted by WineCountryUA
While in no way defending UA IT, 2 factor authentication's adoption rate has been extremely low because the public feels it is too much of a bother. In fact presently no one I do business with uses 2 factor authentication for anything except a few which use it for password changes, none for normal access. UA is far from alone in lack of this.

Two-factor login for any and every login is inconvenient. But it would be smart to have for password resets.



Regardless, having inane security questions with drop-down menus that allows an immediate password reset is an extremely horrible implementation. Regardless of the merits of other options available, this option is unforgivable, period.
raehl311 is offline  
Old Feb 18, 2016, 8:24 am
  #207  
 
Join Date: Feb 2009
Location: SEA
Programs: UA SP, DL SM MM, AS 75K, SPG Platinum, Hyatt Diamond.
Posts: 2,596
I just thought the questions were stupid. Hardly any of them had I ever given a second thought to, and most of them I didn't have a single "obvious" pick. My favorite movie genre? With answers to chose from like "Action" and "Adventure" I can see not remembering your choices with most of the questions to be a very common issue. It was just stupid and poorly thought out.
transportbiz is offline  
Old Feb 18, 2016, 9:16 am
  #208  
 
Join Date: Nov 2013
Location: NYC / TYO / Up in the Air
Programs: UA GS 1.7MM, AA 2.1MM, EK, BA, SQ, CX, Marriot LT, Accor P
Posts: 6,582
Thank goodness I read this thread while I was in Europe and didn't change anything until today. I set up my questions and then it never asked me to set a password - but since I read this thread I went into account settings right away and set my password - and everything worked the way it should with no issues - if I had just logged out I'm certain I would not have been able to get back in to my account - and I leave for Asia tomorrow...

Thanks FT!
bmwe92fan is offline  
Old Feb 18, 2016, 9:33 am
  #209  
 
Join Date: Feb 2009
Location: SEA
Programs: UA SP, DL SM MM, AS 75K, SPG Platinum, Hyatt Diamond.
Posts: 2,596
Originally Posted by bmwe92fan
Thank goodness I read this thread while I was in Europe and didn't change anything until today. I set up my questions and then it never asked me to set a password - but since I read this thread I went into account settings right away and set my password - and everything worked the way it should with no issues - if I had just logged out I'm certain I would not have been able to get back in to my account - and I leave for Asia tomorrow...

Thanks FT!
It did the same thing with me, and no, now I can't get into my account. When I select "forgot password" it takes you to a screen where it asks you to answer your security questions so I do, and then it goes into a loop where it asks for the same answers over and over. Fortunately, I'm not flying soon, and I'm certainly not booking flights on UA.

Gotta love UA IT. Good work on this one guys.
transportbiz is offline  
Old Feb 18, 2016, 4:32 pm
  #210  
Marriott 5+ BadgeHyatt Contributor Badge
 
Join Date: Jan 2011
Location: HKG • Ex SFO, NYC
Programs: UA 1K, AA EXP; Marriott Amb; Hyatt Globalist; Shangri-la Diamond; IHG SpireAmb; Hilton D; Accor G
Posts: 3,319
These security questions are so dumb…
helvetic is offline  

Thread Tools
Search this Thread

Contact Us - Manage Preferences Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service -

This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.