Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > United Airlines | MileagePlus
Reload this Page >

UA initiates Account Security Update (Security Q&A authentication added 2016)

UA initiates Account Security Update (Security Q&A authentication added 2016)

Old Jan 29, 2023, 5:48 am
  #631  
 
Join Date: Jun 2004
Posts: 684
Originally Posted by WineCountryUA
The risk is low and the consequences lower.
We can argue about the first assertion, but the second is most definitely false. I've had my credentials stolen (from another site that had an IT breach) and identity used illegally elsewhere after that. It was not a low-impact event to correct. While the theft of information in that case would not have been prevented by 2FA, the results were the same. The costs were substantial in terms of time and financial consequences.
jpezaris is offline  
Old Jan 29, 2023, 8:22 am
  #632  
 
Join Date: Jan 2007
Location: Bellingham/Gainesville
Programs: UA-G MM, Priority Club Platinum, Avis First, Hertz 5*, Red Lion
Posts: 2,808
Originally Posted by phkc070408
Being a layman on the topic, I get the impression that you'll register one device with each service and can then share the passkey among your devices. Again, I'm by far an expert on this.
it still needs an authentication of the passkey, so the authentication (password/pin etc) moves from the site level to the device level. really does not change the need for a password/login security just where authentication happens.
prestonh is offline  
Old Jan 29, 2023, 1:07 pm
  #633  
Moderator, Omni, Omni/PR, Omni/Games, FlyerTalk Posting Legend
 
Join Date: Oct 2004
Location: Between DCA and IAD
Programs: UA 1K MM; Hilton Diamond
Posts: 67,011
Originally Posted by kb1992
I hate 2FA.

SQ uses OTP and it's makes me crazy.
The thing I really dislike about 2FA (and MFA) is that not everyone has a cell phone at their side every moment. When I'm at the office, logging into any MFA site means rushing out to the phone lockers, bringing phone out of airplane mode, grabbing the code, then rushing back and hoping I jotted the code down correctly and that it hasn't been too long. Or if I'm on a plane using wifi and for some reason my web browser decides it needs to re-authenticate and only offers a voice call or text message for 2FA. Then the MFA authenticator apps also have their own issues, as I found when I upgraded my phone and had major issues moving Duo to the new phone for a couple of the sites & apps I use it for--one I essentially had to de-register the authenticator, then go through the rigmarole of adding it anew.

I get that I don't want to have to deal with the issues of someone stealing my miles, my Plus Points, messing with my existing reservations, etc., but the hassle of 2/MFA is too much for me.
exerda is offline  
Old Jan 29, 2023, 1:10 pm
  #634  
FlyerTalk Evangelist
 
Join Date: Jul 2003
Location: BOS, PVG
Programs: United 1K and 1MM, Marriott Ambassador
Posts: 10,000
Originally Posted by exerda
The thing I really dislike about 2FA (and MFA) is that not everyone has a cell phone at their side every moment. When I'm at the office, logging into any MFA site means rushing out to the phone lockers, bringing phone out of airplane mode, grabbing the code, then rushing back and hoping I jotted the code down correctly and that it hasn't been too long. Or if I'm on a plane using wifi and for some reason my web browser decides it needs to re-authenticate and only offers a voice call or text message for 2FA. Then the MFA authenticator apps also have their own issues, as I found when I upgraded my phone and had major issues moving Duo to the new phone for a couple of the sites & apps I use it for--one I essentially had to de-register the authenticator, then go through the rigmarole of adding it anew.

I get that I don't want to have to deal with the issues of someone stealing my miles, my Plus Points, messing with my existing reservations, etc., but the hassle of 2/MFA is too much for me.
Totally agreed.

Other than SQ, is any airline using 2FA?
kb1992 is offline  
Old Jan 29, 2023, 1:11 pm
  #635  
 
Join Date: Sep 2006
Location: HNL
Programs: UA GS4MM, MR LT Plat, Hilton Gold
Posts: 6,447
Originally Posted by jpezaris
We can argue about the first assertion, but the second is most definitely false. I've had my credentials stolen (from another site that had an IT breach) and identity used illegally elsewhere after that. It was not a low-impact event to correct. While the theft of information in that case would not have been prevented by 2FA, the results were the same. The costs were substantial in terms of time and financial consequences.
An airline site?
HNLbasedFlyer is offline  
Old Jan 29, 2023, 1:17 pm
  #636  
Moderator: United Airlines
 
Join Date: Jun 2007
Location: SFO
Programs: UA Plat 1.99MM, Hyatt Discoverist, Marriott Plat/LT Gold, Hilton Silver, IHG Plat
Posts: 66,577
Originally Posted by jpezaris
We can argue about the first assertion, but the second is most definitely false. I've had my credentials stolen (from another site that had an IT breach) and identity used illegally elsewhere after that. It was not a low-impact event to correct. While the theft of information in that case would not have been prevented by 2FA, the results were the same. The costs were substantial in terms of time and financial consequences.
The amount of amount PI accessible from your UA account of use to identity theft is low, Name, birthday and residence is about the limit and all those are fairly available on the web with a google search (hence should be insufficient to open a damaging account). Credit card data is just last four digits and security code is not retain in your profile, Neither is Social Security id or account password. Identity theft is generally not done by hacking an individual profile but rather hacking the central database that is not properly encrypted.

Identity theft is a major, major pain, I handled my wife's incident, her issue likely came from one of the credit rating agencies breaches). But your UA profile will not be the source of that. I standby the comment of low consequences.

UA implemented the security questions less to protect you and more to protect UA from users' poor password habits -- and UA having to restore hacked miles.
jsloan and SPN Lifer like this.
WineCountryUA is offline  
Old Jan 30, 2023, 8:37 am
  #637  
FlyerTalk Evangelist
 
Join Date: Sep 2002
Location: Between AUS, EWR, and YTO In a little twisty maze of airline seats, all alike...
Programs: CO, NW, & UA forum moderator emeritus
Posts: 35,339
Originally Posted by Dublin_rfk
As someone who is challenged in the use of opposable digits I find the chat feature frustratingly challenging. Between autocorrection features and having difficulty walking and focusing on a handheld device Im helpless. When I need to talk with an agent I need to talk.
h - I absolutely agree that it's not perfect. But sometimes I don't have 30min to wait on hold or I'm on an airplane and can't call. The chat feature has been remarkably useful then (though the agents seem incapable of actually reading my requests sometimes, like "Put person X in E+ seat YYn near me but do not move my seat at all.")
Xyzzy is offline  
Old Jan 30, 2023, 11:37 am
  #638  
 
Join Date: Sep 2006
Location: HNL
Programs: UA GS4MM, MR LT Plat, Hilton Gold
Posts: 6,447
Originally Posted by WineCountryUA
The amount of amount PI accessible from your UA account of use to identity theft is low, Name, birthday and residence is about the limit and all those are fairly available on the web with a google search (hence should be insufficient to open a damaging account).

I standby the comment of low consequences.
And that only scratches the surface of what is publicly available on the web - siblings/spouse/past spouses/children, employer information, education, court records, and on and on are easily found on practically everyone unless you've gone deep deep underground - and if you are that deep underground you probably shouldn't be using practically anything on the web or any app.

If you could steal an identity based on United info we'd have all had our identities stolen long ago as the information is so easily found without hacking the United site.
jsloan and SPN Lifer like this.
HNLbasedFlyer is offline  
Old Jan 30, 2023, 11:47 am
  #639  
A FlyerTalk Posting Legend
 
Join Date: Apr 2004
Location: GVA (Greater Vancouver Area)
Programs: DREAD Gold; UA 1.035MM; Bonvoy Au-197; PCC Elite+; CCC Elite+; MSC C-12; CWC Au-197; WoH Dis
Posts: 52,110
Originally Posted by kb1992
Other than SQ, is any airline using 2FA?
AC uses a form of 2FA.
mahasamatman is offline  
Old Jan 30, 2023, 3:37 pm
  #640  
 
Join Date: Jun 2001
Location: Orlando, FL
Programs: UA 2mm 1K, Marriott Lifetime Platinum, Hilton Diamond, National Executive Elite
Posts: 267
When your account is hacked for 6 Home Depot Gift Cards (6@33,000) you will appreciate any increased security measures. :
Xyzzy likes this.
cbchicago is offline  
Old Jan 30, 2023, 4:04 pm
  #641  
 
Join Date: Sep 2006
Location: HNL
Programs: UA GS4MM, MR LT Plat, Hilton Gold
Posts: 6,447
Originally Posted by cbchicago
When your account is hacked for 6 Home Depot Gift Cards (6@33,000) you will appreciate any increased security measures. :
Details and resolution?
HNLbasedFlyer is offline  
Old Nov 17, 2023, 12:02 pm
  #642  
 
Join Date: Nov 2007
Location: Washington DC
Programs: Former 1k, Lifetime UA Gold, Starwood Gold; Avis Preferred; Hertz Gold
Posts: 1,728
UA Account Hacked - Two Factor Authentication Question

I just wrestled control of my United account from some hackers in China. Pretty scary actually.

Got an email from United that my account had been updated. I couldn't log in on my laptop b/c the security questions had been changed. Managed to log into my mobile app and change the password. Saw they had changed my address to China. Fortunately reset the secuirty questions and nothing had been taken out of my account yet.

There is some mention in the site that you can enable 2 factor authentication - but I can't seem to locate how to turn this on.

I was so annoyed by Marriot's default 2 factor authentication - now I can't imagine not having 2 factor enabled. Time to update all of my passwords. Gosh.
SPN Lifer and tryathlete like this.
DCEsquire is offline  
Old Nov 17, 2023, 12:18 pm
  #643  
A FlyerTalk Posting Legend
 
Join Date: Apr 2013
Location: PHX
Programs: AS 75K; UA 1MM; Hyatt Globalist; Marriott LTP; Hilton Diamond (Aspire)
Posts: 56,299
Originally Posted by DCEsquire
There is some mention in the site that you can enable 2 factor authentication - but I can't seem to locate how to turn this on.
UA doesn't have true 2 factor, just the set of security questions ("what's your favorite flavor of ice cream?").

Glad to hear they weren't able to steal your miles!
Kacee is offline  
Old Nov 17, 2023, 12:32 pm
  #644  
 
Join Date: Aug 2010
Location: Morris County, NJ
Programs: UA 1K/*G, Avis Pres, Marriott Plat
Posts: 2,296
Originally Posted by DCEsquire
I just wrestled control of my United account from some hackers in China. Pretty scary actually.

Got an email from United that my account had been updated. I couldn't log in on my laptop b/c the security questions had been changed. Managed to log into my mobile app and change the password. Saw they had changed my address to China. Fortunately reset the secuirty questions and nothing had been taken out of my account yet.

There is some mention in the site that you can enable 2 factor authentication - but I can't seem to locate how to turn this on.

I was so annoyed by Marriot's default 2 factor authentication - now I can't imagine not having 2 factor enabled. Time to update all of my passwords. Gosh.
Yikes! That's some scary stuff.

A true password manager (ala 1Password or whatever your preferred tool is) + completely randomized passwords + two-factor authentication is key. So glad you were able to wrestle control back from the bad guys - sadly that stuff happens WAY too often.

I do prefer non-SMS based TFA which is what irks me about Marriott, but otherwise agree - it's a good idea.
dmurphynj is offline  
Old Nov 20, 2023, 7:35 pm
  #645  
 
Join Date: Mar 2014
Location: PWM
Programs: AA Plat
Posts: 1,332
How on earth were they able to get in without knowing your favorite car? I'm genuinely curious.

My AA acct was hacked this year and they have 2FA. Huge pain to fix. Of course, they only ask about 2% of the time so the odds of catching criminals is slim. I changed ALL my crummy passwords (yes I reuse them) but didn't bother with UA due to the security questions.
sexykitten7 is offline  

Thread Tools
Search this Thread

Contact Us - Manage Preferences - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service -

This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.