UA initiates Account Security Update (Security Q&A authentication added 2016)


Old Aug 29, 16, 6:19 am
  #496  
 
Join Date: Dec 2009
Location: ANC
Posts: 5,405
Well thanks to United's security question and answer system, my answer for each question is simply the first result alphabetically, because who knows what my favourite ______ is in 3 years time.
belfordrocks is offline  
Old Aug 29, 16, 6:39 am
  #497  
ssh
 
Join Date: Jun 2007
Location: Boulder, Colorado
Programs: UA 1K (MM), MR Plat Prem, Hertz Pres
Posts: 1,164
Originally Posted by narvik View Post
Wait. The phone agents ask these questions also? Well, do they at least offer the choices?
No, they don't. And they are extremely embarrassed about asking them. I've had them asked twice, and both times the agents apologized.

Also, interestingly, one of the questions is about the "first city you visited." Somewhat awkward when discussing an itinerary, I discovered recently!
ssh is offline  
Old Aug 29, 16, 9:00 am
  #498  
 
Join Date: Oct 2013
Posts: 87
I always feel uncomfortable when the security questions/answers are multiplexed between different accounts, especially when there are different levels of (1) security and (2) what's at stake (e.g. bank account vs. a social forum, or even the FF account).
If one of those accounts is compromised (via a general break-in into the website or via social engineering aimed at a specific account), then you've got a good chance of other accounts compromised too.

Now, when a security question chosen for on-line password recovery is also used for a phone support interaction, that increases chances for social engineering hacking being successful. (The same concern applies to those websites that are happy to send you your actual password via e-mail [instead of the one-time password or link to reset your password].)
1StRanger is offline  
Old Aug 29, 16, 9:07 am
  #499  
 
Join Date: Feb 2005
Location: DEN, or so it says...
Programs: UA1K/RCC, Avis CHM, NWA Plat, SPG Plat
Posts: 2,860
I logged in from a "different device" today.
I was presented with two questions which were totally irrelevant to me, and I answered incorrectly.
I now have to call to get my account unlocked, which is of course something I really want to do on a Monday morning.
dimramon is offline  
Old Aug 29, 16, 11:02 am
  #500  
ssh
 
Join Date: Jun 2007
Location: Boulder, Colorado
Programs: UA 1K (MM), MR Plat Prem, Hertz Pres
Posts: 1,164
Originally Posted by 1StRanger View Post
I always feel uncomfortable when the security questions/answers are multiplexed between different accounts, especially when there are different levels of (1) security and (2) what's at stake (e.g. bank account vs. a social forum, or even the FF account).
If one of those accounts is compromised (via a general break-in into the website or via social engineering aimed at a specific account), then you've got a good chance of other accounts compromised too.

Now, when a security question chosen for on-line password recovery is also used for a phone support interaction, that increases chances for social engineering hacking being successful. (The same concern applies to those websites that are happy to send you your actual password via e-mail [instead of the one-time password or link to reset your password].)
...and these are some of the reasons this is not 2FA. It's just more to remember. That's not a second factor! ARGGGHHH!

It may be slow, but at least it's hard to use.
ssh is offline  
Old Aug 29, 16, 11:15 am
  #501  
 
Join Date: Dec 2005
Location: Japan
Posts: 5,565
Originally Posted by narvik View Post
Wait. The phone agents ask these questions also? Well, do they at least offer the choices?
The past weeks I keep getting asked for my date of birth by the phone agents. Yesterday I wanted to test the attention span a bit and I decided to give them a wrong year. Seemingly did not matter, business as usual. Very safe
Exleftseat is offline  
Old Aug 29, 16, 11:23 am
  #502  
Moderator: United Airlines; FlyerTalk Evangelist
 
Join Date: Jun 2007
Location: SFO
Programs: UA Plat 1.85MM, Hyatt Discoverist, Marriott Plat/LT Gold, Hilton Silver, IHG Plat
Posts: 62,261
Originally Posted by dimramon View Post
... I now have to call to get my account unlocked, which is of course something I really want to do on a Monday morning.
Don't need to call to unlock, it is done via email.
WineCountryUA is offline  
Old Aug 31, 16, 11:58 pm
  #503  
 
Join Date: May 2010
Location: AVP & PEK
Programs: UA 1K 1.7MM, AVIS PC
Posts: 4,976
Originally Posted by ssh View Post
No, they don't. And they are extremely embarrassed about asking them. I've had them asked twice, and both times the agents apologized.

Yikes!

These new 'security' measures are really quite annoying. I've been booking and researching a lot of flights in the last few days, and the united.com site keeps telling me I am using a new device, and it is lucky (but not very safe) that I answered all questions not by correctness of answer, but rather alphabetically. I wanted to be an accountant, favourite fruit is apple, met wife in April, Banana ice cream, etc. This proved a life saver (well, time saver at least) when I was updating the family members' accounts, as I used the same answer for all their questions also.

I might not do well though, if I can't see all the choices of answers in front of me; i.e. over the phone I might answer favorite ice cream is Acai, favourite fruit is Aceolai, and I wanted to be an Able Seaman when I grew up...

Oy vey!


It has the advantage that I don't even bother reading the questions anymore; I just pick the answer that is alphabetically first. After doing this at least 20 to 30 times in the last few days I might be answering:

Favourite sport: Artichoke
Month you met your wife: Apples
Favourite pizza topping: Baseball
Favourite fruit: Accountant

Last edited by narvik; Sep 1, 16 at 12:12 am
narvik is online now  
Old Sep 1, 16, 2:15 am
  #504  
 
Join Date: Dec 2009
Location: ANC
Posts: 5,405
United must think a lot of pax like adventure vacations
belfordrocks is offline  
Old Sep 1, 16, 8:00 am
  #505  
FlyerTalk Evangelist
 
Join Date: Mar 2014
Location: 4me
Posts: 10,858
Originally Posted by ssh View Post
No, they don't. And they are extremely embarrassed about asking them. I've had them asked twice, and both times the agents apologized.

Also, interestingly, one of the questions is about the "first city you visited." Somewhat awkward when discussing an itinerary, I discovered recently!
I've had to call an agent 3 times this week and have only been asked my questions once. What's funny is the call I got asked on was the least important and didn't involve a transaction; I just had a general question, while the other two involved rebookings.
TomMM is online now  
Old Sep 4, 16, 11:35 pm
  #506  
FlyerTalk Evangelist
 
Join Date: May 2001
Posts: 10,700
I had to call today to have a schedule change fixed on an award ticket. I was a little surprised when the agent asked me the answers to those questions. Some of them are personal.
username is offline  
Old Sep 5, 16, 3:40 am
  #507  
 
Join Date: Jul 2003
Location: BOS, PVG
Programs: United Global Services and 1MM, Marriott Ambassador
Posts: 9,741
Thumbs down

Originally Posted by narvik View Post
Yikes!

These new 'security' measures are really quite annoying. I've been booking and researching a lot of flights in the last few days, and the united.com site keeps telling me I am using a new device,

This is really annoying.

Why does ual.blowup keep saying I'm using a new device and asking me to answer these stupid questions?

I thought that you don't have to answer them once you click "remember this device"?
kb1992 is offline  
Old Sep 5, 16, 6:35 am
  #508  
 
Join Date: Jul 2010
Location: CMH
Programs: UA 1K, 1MM, HH Diamond, Marriott Gold
Posts: 744
Talked with an agent on the Premier line and after she asked me the questions I asked her what she thought of the new process. She said she thought it was cumbersome but that she was told MP fraud is down 40% since the changes have been made.

If true, that is significant. Doesn't change the fact that it's a pain to use, but in their eyes it is having a major impact on fraud.
RockinRon is offline  
Old Sep 5, 16, 7:55 am
  #509  
 
Join Date: Jan 2016
Location: CLE (mostly)
Programs: UA Plat, Hyatt Explorist, Mlife Gold, Starbucks Gold
Posts: 820
Originally Posted by RockinRon View Post
Talked with an agent on the Premier line and after she asked me the questions I asked her what she thought of the new process. She said she thought it was cumbersome but that she was told MP fraud is down 40% since the changes have been made.

If true, that is significant. Doesn't change the fact that it's a pain to use, but in their eyes it is having a major impact on fraud.
In the meantime, I haven't been asked for any verification any of the 10+ times in the last few weeks I've called the Premier Desk.
Wooglin is offline  
Old Sep 5, 16, 11:35 am
  #510  
Moderator: United Airlines; FlyerTalk Evangelist
 
Join Date: Jun 2007
Location: SFO
Programs: UA Plat 1.85MM, Hyatt Discoverist, Marriott Plat/LT Gold, Hilton Silver, IHG Plat
Posts: 62,261
Originally Posted by kb1992 View Post
This is really annoying.

Why does ual.blowup keep saying I'm using a new device and asking me to answer these stupid questions?

I thought that you don't have to answer them once you click "remember this device"?
Have you blocked cookies?
Does your system clear cookies on a regular basis?
Are you browsing in private / anonymous mode?
"Remember this device" cannot override your device settings.
WineCountryUA is offline  
