UA initiates Account Security Update (Security Q&A authentication added 2016)
#497
Join Date: Jun 2007
Location: Boulder, Colorado
Programs: UA 1K (MM), MR Plat Prem, Hertz Pres
Posts: 1,164
Also, interestingly, one of the questions is about the "first city you visited." Somewhat awkward when discussing an itinerary, I discovered recently!
#498
Join Date: Oct 2013
Posts: 87
I always feel uncomfortable when the security questions/answers are multiplexed between different accounts, especially when there are different levels of (1) security and (2) what's at stake (e.g. bank account vs. a social forum, or even the FF account).
If one of those accounts is compromised (via a general break-in into the website or via social engineering aimed at a specific account), then you've got a good chance of other accounts compromised too.
Now, when a security question chosen for on-line password recovery is also used for a phone support interaction, that increases chances for social engineering hacking being successful. (The same concern applies to those websites that are happy to send you your actual password via e-mail [instead of the one-time password or link to reset your password].)
#499
Join Date: Feb 2005
Location: DEN, or so it says...
Programs: UA1K/RCC, Avis CHM, NWA Plat, SPG Plat
Posts: 2,860
I logged in from a "different device" today.
I was presented with two questions which were totally irrelevant to me, and I answered incorrectly.
I now have to call to get my account unlocked, which is of course something I really want to do on a Monday morning.
#500
Join Date: Jun 2007
Location: Boulder, Colorado
Programs: UA 1K (MM), MR Plat Prem, Hertz Pres
Posts: 1,164
I always feel uncomfortable when the security questions/answers are multiplexed between different accounts, especially when there are different levels of (1) security and (2) what's at stake (e.g. bank account vs. a social forum, or even the FF account).
If one of those accounts is compromised (via a general break-in into the website or via social engineering aimed at a specific account), then you've got a good chance of other accounts compromised too.
Now, when a security question chosen for on-line password recovery is also used for a phone support interaction, that increases chances for social engineering hacking being successful. (The same concern applies to those websites that are happy to send you your actual password via e-mail [instead of the one-time password or link to reset your password].)
It may be slow, but at least it's hard to use.
#501
Join Date: Dec 2005
Location: Japan
Posts: 5,565

#502
Moderator: United Airlines; FlyerTalk Evangelist
Join Date: Jun 2007
Location: SFO
Programs: UA Plat 1.85MM, Hyatt Discoverist, Marriott Plat/LT Gold, Hilton Silver, IHG Plat
Posts: 62,261
#503
Join Date: May 2010
Location: AVP & PEK
Programs: UA 1K 1.7MM, AVIS PC
Posts: 4,976
Yikes!
These new 'security' measures are really quite annoying. I've been booking and researching a lot of flights in the last few days, and the united.com site keeps telling me I am using a new device, and it is lucky (but not very safe) that I answered all questions not by correctness of answer, but rather alphabetically. I wanted to be an accountant, favourite fruit is apple, met wife in April, Banana ice cream, etc. This proved a life saver (well, time saver at least) when I was updating the family members' accounts, as I used the same answer for all their questions also.
I might not do well though, if I can't see all the choices of answers in front of me; i.e. over the phone I might answer favorite ice cream is Acai, favourite fruit is Aceolai, and I wanted to be an Able Seaman when I grew up...
Oy vey!
It has the advantage that I don't even bother reading the questions anymore; I just pick the answer that is alphabetically first. After doing this at least 20 to 30 times in the last few days I might be answering:
Favourite sport: Artichoke
Month you met your wife: Apples
Favourite pizza topping: Baseball
Favourite fruit: Accountant
Last edited by narvik; Sep 1, 16 at 12:12 am
#505
FlyerTalk Evangelist
Join Date: Mar 2014
Location: 4éme
Posts: 10,858
No, they don't. And they are extremely embarrassed about asking them. I've had them asked twice, and both times the agents apologized.
Also, interestingly, one of the questions is about the "first city you visited." Somewhat awkward when discussing an itinerary, I discovered recently!
#507
Join Date: Jul 2003
Location: BOS, PVG
Programs: United Global Services and 1MM, Marriott Ambassador
Posts: 9,741

This is really annoying.
Why does ual.blowup keep saying I'm using a new device and asking me to answer these stupid questions?

I thought that you don't have to answer them once you click "remember this device"?

#508
Join Date: Jul 2010
Location: CMH
Programs: UA 1K, 1MM, HH Diamond, Marriott Gold
Posts: 744
Talked with an agent on the Premier line and after she asked me the questions I asked her what she thought of the new process. She said she thought it was cumbersome but that she was told MP fraud is down 40% since the changes have been made.
If true, that is significant. Doesn't change the fact that it's a pain to use but in their eyes is having a major impact on fraud.
#509
Join Date: Jan 2016
Location: CLE (mostly)
Programs: UA Plat, Hyatt Explorist, Mlife Gold, Starbucks Gold
Posts: 820
Talked with an agent on the Premier line and after she asked me the questions I asked her what she thought of the new process. She said she thought it was cumbersome but that she was told MP fraud is down 40% since the changes have been made.
If true, that is significant. Doesn't change the fact that it's a pain to use but in their eyes is having a major impact on fraud.
#510
Moderator: United Airlines; FlyerTalk Evangelist
Join Date: Jun 2007
Location: SFO
Programs: UA Plat 1.85MM, Hyatt Discoverist, Marriott Plat/LT Gold, Hilton Silver, IHG Plat
Posts: 62,261
Does your system clear cookies on a regular basis?
Are you browsing in private / anonymous mode?
"Remember this device" cannot override your device settings.