ndhapple

Hah! Same.

Also, pre-filling in the security questions defeats the purpose of having a security question, as it literally provides a set of answers hackers can simply troll through until they get the answer right. So congrats to United IT for another hair-brained, poorly implemented idea.

MCLC

I just tried to login with my MP# and password (I never use the PIN) and it just took me back to the login page to try again. I can't even get to a point where I'm asked security questions.

CaptainMiles

The list of cities available for "first major city that you visited" is precious.

Samples of cities that make the list incude such major metropolises as Santa Fe, Cardiff, or Berne.

And missing from the list are small villages such as Singapore, Tel Aviv, Saigon/Ho Chi Min, or Honolulu. Even the former hub of Cleveland is absent.

How did they come up with this list anyway?

CaptainMiles

Then let's answer that our first car was a Rolls Royce or a Lamborghini, and see what kind of offers we get. Just watch your inbox for special offers from Gulfstream.

ndhapple

Also included: Fresno; also missing: New Orleans.

¯\_(ツ)_/¯

PTahCha

They didn't include triangle as an option for my favorite musical instrument.

Well, the assumption is a 3 or 5 strikes and your account is locked. With 5 different questions and >10 options, the chance a hacker got it right within the limit is slim.

Then again, I prefer self-filled answers so it's not predicable. Like triangle.

mreplus

It seems as if they make you fill in your answers to protect against banking trojans that record keystrokes. I bet there are more improvements coming in the future.

Kacee

*shudder*

jamesdenver

Another problem with these dumb questions (such as "What was your high school") is that a hacker or social engineer can easily parse through unlocked social media accounts to find the answers. If I recall it happened to a celebrity a few years back, whose dog name and other answers were easily found.

If I'm attempting to find one's "favorite vacation" all I need to do is look at their Facebook and see multiple pictures of Hawaii or whatever.

I use an completely unrelated answer for these. If I need unique answers I format it as such:

SCHOOL XXX XXX XXX
DOGNAME XXX XXX XXX

Plus, I have a lot of favorite foods.

Alpha Golf

Went through the annoying process and now I can't log in. Using the correct password, it just goes back to the sign in screen.

Another A+ job from United IT.

itsMoe

That was actually Sarah Palin: https://en.wikipedia.org/wiki/Sarah_Palin_email_hack

United has made it even easier though by restricting the answer pool to a very finite number of pre-set answers. Usually, there's a text field where you can type anything, e.g. for "Favorite animal" you could choose to simply enter another password, a bunch of numbers, or at least obscure your dogs name a little (e.g. w_Ald0.)

Here, there's less than two dozen possible answers for each category. This doesn't really add much in terms of security.

Having said that, I'm happy to see the 4 digit PIN go.

Silver Fox

Press the "Update Later" button until there are no more "Update Later" buttons left !

ndhapple

You'd hope. But then again, we're talking about United IT.

The thing that scares me is that you could find the answers to most of those questions they posed simply by trolling someone's Facebook page. And a pull-down menu means that there are no variables in the answers you provide. I wish UA would implement some form of two factor authentication but I'll probably be dead before that ever happens.

transportprof

I feel bad for those of you who fell into this latest cluster. I'm lucky in that I just got back from a trip this week and don't have another one until March. But I'd hate to be in Delhi or Melbourne with a flight that goes MX and be locked out of my account because of this.

Could UA Insider please take the time to let us know whether this security upgrade could be turned off for another month or two while it is debugged - kind of like the new web site's rollout?

United may still be a bumbling, stumbling, organization, but if their new leadership team is on the ball they will at least come up with effective remedies and workarounds for such problems.

It seems to me like the best option at this point is to stop the insanity of locking people out of their accounts in the name of security and then return to this initiative after some more programming and debugging work. @:-)

villox

These questions are incredibly dumb. I actually had trouble coming up with 5 of them that I knew were strong enough preferences that I'd remember them 2 years from now when I forget my password.

I also swear they're different in the app vs online, or maybe they've already changed some of them. Last night I distinctly recall one of the questions being "What color was the house you grew up in" and the one mentioned in this thread about the first major city you visited, but when I go to manage profile I see neither of these.