UA initiates Account Security Update (Security Q&A authentication added 2016)
#316
FlyerTalk Evangelist
Join Date: Dec 2002
Programs: UA Platinum MM; DL Silver; IHG Diamond Ambassador; Hilton Gold; Marriott Gold
Posts: 24,249
. . . I went to united.com with the intent to switch to the full-size password (and to look for some tickets). I've found that for almost all the "security" questions, I cannot find the answers that I will remember. (And I need to choose and remember 5! Not 1 or 2, but 5 of those!) I will not remember, because they don't have MY answers.
. . . [W]ith this ridiculous multiple choice, I am left with no good choice. Without "upgrade", I cannot do anything in my account. But choosing the answers I wouldn't be able to remember would be like shooting yourself in the foot.
#317
Join Date: Jan 2006
Location: Los Angeles
Programs: AAdvantage, UAmileage+,SkyMiles,Avios
Posts: 78
I agree with OP, most of the Q&A don't work for me. I have to guess a nearest answer to fill out, but I'm sure I will forget most of them. The way I did it is to screen capture my answers and put them on my desktop. Also I used AwardWallet to keep track of my user name & PW. Hope they can find another way to secure our account.
#318
Join Date: Dec 2010
Location: PDX
Programs: kayaker
Posts: 851
#319
FlyerTalk Evangelist
Join Date: Sep 2002
Location: Between AUS, EWR, and YTO In a little twisty maze of airline seats, all alike.. but I wanna go home with the armadillo
Programs: CO, NW, & UA forum moderator emeritus
Posts: 35,426
#320
Join Date: Oct 2013
Posts: 87
Wow!
Prior to posting, I searched the forum, but didn't find this thread. So, I am pleasantly surprised so many people have the same/similar concerns about UA's mediocre approach to implementing security.
(Thanks to the moderator who merged my post to the existing old thread, I was able to see that there were 21 pages of postings on related issues.)
I use a very similar technique.
I am glad I am not the only one who realizes that it is easy to find answers for some people.
Moreover, some websites that use the security Q/A feature actually show you the answers you selected (under your profile) once you are logged in. (Not the case on ua.com.)
Exactly!
At least your wife didn't have to think what your son's favorite drink is, choosing from scotch, gin and whiskey. I wouldn't expect the geniuses from UA to add milk to that list.
In those cases where one can enter free text, for my kid, I usually enter some keywords that have no connection to the question but they are based on an unambiguous scheme that I've worked out. In some way it is similar to the one from
Agree with others who correctly noted that by Googling someone you have a good chance to correctly determine answers. My technique to avoid that is to pick a small sequence like uppercase wife's initials & wedding month (i.e., "EC6") which prefixes each of my answers -
What is your favorite color? EC6blue
What street did you grow up on? EC6pine
Last edited by goalie; Jun 24, 2016 at 11:42 pm Reason: Editing a quoted post is not permitted
#323
Join Date: Jun 2010
Location: ROC/NYC/MSP/LAX/HKG/SIN
Posts: 3,212
tl;dr: The way United implemented new security authentication on united.com is different from the industry standard and it makes it less secure and even unusable for some users.
...
BUT! They did it with a twist:
You do not get to type in YOUR answer, you must choose from a preset of SOMEONE else's answers (most likely some IT manager who neither knows internet security procedures, nor understands the psychology).
Today, after not flying United for a few months, I went to united.com with the intent to switch to the full-size password (and to look for some tickets). I've found that for almost all the "security" questions, I cannot find the answers that I will remember. (And I need to choose and remember 5! Not 1 or 2, but 5 of those!) I will not remember, because they don't have MY answers.
When I spoke with the Mileage Plus support, the lady told me (several times!), that I should write those answers down on a piece of paper or take a screenshot. (Any real security experts would laugh at that advice.)
I've finally caved in and chose something... The irony is that an hour later, I don't remember 3 out of 5 answers. Because they are not "natural" to me.
PS. To give just one example of the questions: "What major city did you travel to first?" I don't know how they've chosen those cities. Obviously, it is very much US-centric. It has Santa Fe with the population of 70 K, but it is missing a bunch of European capitals. (And I am not even talking about other large cities in Europe, with the population exceeding 1M.)
Already sent the Customer Care post indicating the issues with security management, and I have yet to hear anything from UA. Might be trying it again.
#324
Join Date: May 2015
Posts: 51
Obsessive security questions
Put me down on that list of those who think the new United system is absolutely boneheaded. Same reasons: I'll never remember those answers.
I'm certain this is a case of someone proving how clever they are and important they are.
I asked United how many times accounts had been hacked anyway and they would not answer.
Good thing it's just not that important, I can fly with other airlines.
#325
Join Date: Nov 2013
Location: NYC / TYO / Up in the Air
Programs: UA GS 1.7MM, AA 2.1MM, EK, BA, SQ, CX, Marriot LT, Accor P
Posts: 6,317
#326
Moderator: United Airlines
Join Date: Jun 2007
Location: SFO
Programs: UA Plat 1.995MM, Hyatt Discoverist, Marriott Plat/LT Gold, Hilton Silver, IHG Plat
Posts: 66,854
But it clearly has happened at UA
http://www.flyertalk.com/forum/unite...edemption.html
http://www.flyertalk.com/forum/unite...ec-2014-a.html
http://www.flyertalk.com/forum/unite...it-us-opm.html
http://www.flyertalk.com/forum/unite...ne-hacked.html
just for starters
#327
Join Date: Jul 2012
Posts: 1,319
Aside from inconvenience the main security issue with pre-selected answers is predictability. Faced with a list of choices, users will with virtual certainty select the most common/obvious/easy to remember.
I would estimate favorite marine animal to be dolphin (8/10) followed closely by a turtle (2/10). Ditto for favorite city (Paris/New York), pizza topping (pepperoni 9/10) etc.
That renders these questions essentially useless.
That said, United is using these questions not because they truly feel that enhances account security, but because it is the current "standard of care".
From the industry that still will let you look up and modify any reservation based on a last name and a 6 letter code (posted in the open in plenty of places) - meaningful security is not going to happen anytime soon.
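The predictability argument in post #327, worked as a calculation (an added example, not part of the thread): it compares how much guessing resistance a set of multiple-choice questions gives when answers are skewed toward popular options versus evenly spread. The dolphin/turtle and pepperoni shares are the post's rough estimates; every other option, share and function name is a constructed assumption.

```python
import math
from itertools import product

# Constructed answer-popularity tables. Dolphin/turtle and pepperoni follow
# the post's rough estimates; the other options and shares are hypothetical
# fillers chosen so that each table sums to 1.
SKEWED = [
    {"dolphin": 0.8, "turtle": 0.2},
    {"pepperoni": 0.9, "mushroom": 0.06, "olives": 0.04},
    {"Paris": 0.5, "New York": 0.4, "Santa Fe": 0.1},
]

def uniform(n_options, n_questions):
    """Idealised case: every listed option is equally likely."""
    return [{i: 1.0 / n_options for i in range(n_options)}] * n_questions

def min_entropy_bits(questions):
    """Bits of resistance against the single most likely answer set."""
    return sum(-math.log2(max(q.values())) for q in questions)

def guess_success(questions, attempts):
    """Chance that the `attempts` most popular answer sets include the user's."""
    joint = sorted(
        (math.prod(p) for p in product(*(q.values() for q in questions))),
        reverse=True,
    )
    return sum(joint[:attempts])

def summarize(questions, attempts=3):
    """Headline numbers a designer would compare before relying on the control."""
    return {
        "combinations": math.prod(len(q) for q in questions),
        "min_entropy_bits": round(min_entropy_bits(questions), 2),
        "success_in_attempts": round(guess_success(questions, attempts), 3),
    }

if __name__ == "__main__":
    print("skewed :", summarize(SKEWED))
    print("uniform:", summarize(uniform(3, 3)))
```

The count of possible combinations overstates the protection: what matters is the share of users covered by the few most popular answer sets, which is why attempt limits and a second factor carry the real weight in such a design.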
#328
Join Date: Feb 2010
Location: New Jersey
Programs: UA MM 1K, AA MM Gold, Marriott LT Platinum
Posts: 3,236
#329
Join Date: Nov 2007
Location: Washington DC
Programs: Former 1k, Lifetime UA Gold, Starwood Gold; Avis Preferred; Hertz Gold
Posts: 1,732
Scratching my head here.
#330
Join Date: Jul 2010
Location: CMH
Programs: UA 1K, 1MM, HH Diamond, Marriott Gold
Posts: 745