Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > United Airlines | MileagePlus
Reload this Page >

UA initiates Account Security Update (Security Q&A authentication added 2016)

Register
Social Groups
Search
Today's Posts
Mark Forums Read

UA initiates Account Security Update (Security Q&A authentication added 2016)

   
Old Aug 12, 16, 3:40 pm
  #391  
FlyerTalk Evangelist
 
Join Date: Mar 2014
Location: 4me
Posts: 11,328
Originally Posted by stimpy
May I ask a question? Is United recommending that we document on paper our security questions and answers so we can go back to look them up later on as needed?
For me, I usually just provide random answers to this types of questions. Initially for UA, I just selected the first question in the list and first answer for each question without taking note of it. After seeing latest development on this thread, I re-entered my questions/answers with ones that I have a high probability of remembering. I even took a screenshot and saved them.
TomMM is offline  
Reply
Old Aug 12, 16, 3:51 pm
  #392  
 
Join Date: Sep 1999
Location: SF Bay Area
Programs: UA 1K MM, Accor Plat, Htz PC, Natl ExEm, other random status
Posts: 2,876
Originally Posted by TomMM
For me, I usually just provide random answers to this types of questions. Initially for UA, I just selected the first question in the list and first answer for each question without taking note of it. After seeing latest development on this thread, I re-entered my questions/answers with ones that I have a high probability of remembering. I even took a screenshot and saved them.
These questions and their answers are so random (my least favorite class in school???) that I've made the security of my account affirmatively worse by taking a screenshot of my questions and answers and emailing them to several different email accounts and to my wife, so that she can access my account if she needs to.

I'm sure this seemed like a good idea, but it actually sounds like a scene from a workplace comedy.

Greg
greg99 is offline  
Reply
Old Aug 12, 16, 4:36 pm
  #393  
 
Join Date: Jan 2013
Programs: UA 1K | MR Platinum
Posts: 492
A suggestion for anyone who wants to select random answers (or any answers, given how absolutely absurd these questions are) - put the question and answer in an encrypted note via iOS and sync it to your devices. If you do not use iOS, Keepass can accomplish a similar task in the notes field of the password entry. Make sure that you secure either with a strong password, but at least it's just one password for you to remember vs all sorts of random data points.
mtftw is offline  
Reply
Old Aug 12, 16, 6:36 pm
  #394  
FlyerTalk Evangelist
 
Join Date: Mar 2014
Location: 4me
Posts: 11,328
I wonder what UA's plan B is for users that have forgotten both their password and questions/answers? How will they be authenticated?
TomMM is offline  
Reply
Old Aug 12, 16, 6:41 pm
  #395  
FlyerTalk Evangelist
Four Seasons Contributor BadgeMandarin Oriental Contributor Badge
 
Join Date: Feb 1999
Location: Seat 1A, Juice pretty much everywhere, Mucci des Coins Exotiques
Posts: 34,339
Originally Posted by mtftw
A suggestion for anyone who wants to select random answers (or any answers, given how absolutely absurd these questions are) - put the question and answer in an encrypted note via iOS and sync it to your devices. If you do not use iOS, Keepass can accomplish a similar task in the notes field of the password entry. Make sure that you secure either with a strong password, but at least it's just one password for you to remember vs all sorts of random data points.
You mean so that anyone who steals our iPhones or Macs can then easily access our United account? Sorry, but passwords are meant to be stored in human memory. Two-factor is fine, but it is a fail if we have to store the second factor in a place where a hacker could access them.
stimpy is offline  
Reply
Old Aug 12, 16, 6:49 pm
  #396  
 
Join Date: Mar 2015
Location: NYC (Primarily EWR)
Programs: UA 1K / *G, Marriott Bonvoy Gold; Avis PC
Posts: 8,738
I think it's more impressive that I was able to (correctly) guess my wife's security questions when they came up.
PsiFighter37 is online now  
Reply
Old Aug 12, 16, 6:53 pm
  #397  
 
Join Date: Jan 2010
Location: Carmel Valley(was Hawaii)
Programs: United 1K 2.7 MM
Posts: 1,160
Originally Posted by mtftw
A suggestion for anyone who wants to select random answers (or any answers, given how absolutely absurd these questions are) - put the question and answer in an encrypted note via iOS and sync it to your devices. If you do not use iOS, Keepass can accomplish a similar task in the notes field of the password entry. Make sure that you secure either with a strong password, but at least it's just one password for you to remember vs all sorts of random data points.
I just write them down. No-one knows where the hidden paper with the answers is(sometimes I don't either).
mmack is offline  
Reply
Old Aug 12, 16, 7:04 pm
  #398  
FlyerTalk Evangelist
Four Seasons Contributor BadgeMandarin Oriental Contributor Badge
 
Join Date: Feb 1999
Location: Seat 1A, Juice pretty much everywhere, Mucci des Coins Exotiques
Posts: 34,339
Originally Posted by mmack
I just write them down. No-one knows where the hidden paper with the answers is(sometimes I don't either).
That's called Security through Obscurity. And it doesn't really work.
stimpy is offline  
Reply
Old Aug 12, 16, 8:02 pm
  #399  
Moderator, Omni, Omni/PR, Omni/Games, FlyerTalk Posting Legend
 
Join Date: Oct 2004
Location: Between DCA and IAD
Programs: UA 1K MM; Hilton Diamond
Posts: 65,752
I've now logged in on 3 different devices... and been asked the exact same questions all 3 times.

Not very secure, UA.
exerda is offline  
Reply
Old Aug 12, 16, 10:47 pm
  #400  
 
Join Date: Dec 2002
Location: Texas
Posts: 640
Originally Posted by stimpy
You mean so that anyone who steals our iPhones or Macs can then easily access our United account? Sorry, but passwords are meant to be stored in human memory. Two-factor is fine, but it is a fail if we have to store the second factor in a place where a hacker could access them.
That is solved by Touch ID. If your iPhone is robbed, no one can get into it. If someone steals the mac in your house, then you have issues with perimeter control and memorizing a password is not going to really matter at that point.
Miggles is offline  
Reply
Old Aug 13, 16, 1:41 am
  #401  
FlyerTalk Evangelist
 
Join Date: Apr 2009
Location: Blair and Brown's Broken Britain
Programs: Lifetime Gold, Global Entry, Hertz PC, and my wallet
Posts: 20,019
My strategy of just choosing the first answer for the answers to the idiotic questions may come back to bite me. Like someone upthread, having to clear cookies/cache to try and get around the fact it never remembers searches and "sorry we cannot process your request" issues, this might come back to bite me.

On another note, both challenges on phone and laptop gave exactly the same questions. If that continues I may stand a chance. As for answering them over the phone, unless I am in front of the laptop I am screwed. I think I will have to store them somewhere which kind of defeats the object.
Silver Fox is offline  
Reply
Old Aug 13, 16, 2:46 am
  #402  
FlyerTalk Evangelist
Four Seasons Contributor BadgeMandarin Oriental Contributor Badge
 
Join Date: Feb 1999
Location: Seat 1A, Juice pretty much everywhere, Mucci des Coins Exotiques
Posts: 34,339
Originally Posted by Miggles
That is solved by Touch ID. If your iPhone is robbed, no one can get into it.
Sorry, but that's not true. If they have physical access to your device, they can crack it.
stimpy is offline  
Reply
Old Aug 13, 16, 9:22 pm
  #403  
 
Join Date: Jun 2007
Location: YVR SFO EOF
Programs: UA 1K, VX S
Posts: 4,864
It's good to know that the media is picking up on how broken this is.

https://techcrunch.com/2016/08/13/it...line-security/
http://www.slate.com/articles/techno...questions.html
unavaca is offline  
Reply
Old Aug 13, 16, 9:48 pm
  #404  
FlyerTalk Evangelist
 
Join Date: Sep 2002
Location: Between AUS, EWR, and YTO In a little twisty maze of airline seats, all alike...
Programs: CO, NW, & UA forum moderator emeritus
Posts: 34,285
If UA was so worried about key loggers they could have had us enter our existing 4-digit PIN via a point-and-click numeric display on the screen. Other sites and applications do this. It would have been much easier and more secure than questions/answers that have no meaning t us and that we will never remember.
Xyzzy is offline  
Reply
Old Aug 13, 16, 11:03 pm
  #405  
FlyerTalk Evangelist
Four Seasons Contributor BadgeMandarin Oriental Contributor Badge
 
Join Date: Feb 1999
Location: Seat 1A, Juice pretty much everywhere, Mucci des Coins Exotiques
Posts: 34,339
Originally Posted by unavaca
It's good to know that the media is picking up on how broken this is.

https://techcrunch.com/2016/08/13/it...line-security/
http://www.slate.com/articles/techno...questions.html
Excellent! Many journalists fly often so I hope to see more of such stories.
stimpy is offline  
Reply

Thread Tools
Search this Thread
Search this Thread:

Advanced Search

Advanced Search
Reply Closed Thread Share
Forum Jump

Contact Us - Manage Preferences - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service - Do Not Sell or Share My Personal Information -

This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2023 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.