Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > United Airlines | MileagePlus
Reload this Page >

UA initiates Account Security Update (Security Q&A authentication added 2016)

UA initiates Account Security Update (Security Q&A authentication added 2016)

Old Jan 29, 23, 5:48 am
  #631  
 
Join Date: Jun 2004
Posts: 555
Originally Posted by WineCountryUA
The risk is low and the consequences lower.
We can argue about the first assertion, but the second is most definitely false. I've had my credentials stolen (from another site that had an IT breach) and identity used illegally elsewhere after that. It was not a low-impact event to correct. While the theft of information in that case would not have been prevented by 2FA, the results were the same. The costs were substantial in terms of time and financial consequences.
jpezaris is offline  
Old Jan 29, 23, 8:22 am
  #632  
 
Join Date: Jan 2007
Location: Bellingham/Gainesville
Programs: UA-G MM, Priority Club Platinum, Avis First, Hertz 5*, Red Lion
Posts: 2,553
Originally Posted by phkc070408
Being a layman on the topic, I get the impression that you'll register one device with each service and can then share the passkey among your devices. Again, I'm by far an expert on this.
it still needs an authentication of the passkey, so the authentication (password/pin etc) moves from the site level to the device level. really does not change the need for a password/login security just where authentication happens.
prestonh is online now  
Old Jan 29, 23, 1:07 pm
  #633  
Moderator, Omni, Omni/PR, Omni/Games, FlyerTalk Posting Legend
 
Join Date: Oct 2004
Location: Between DCA and IAD
Programs: UA 1K MM; Hilton Diamond
Posts: 64,992
Originally Posted by kb1992
I hate 2FA.

SQ uses OTP and it's makes me crazy.
The thing I really dislike about 2FA (and MFA) is that not everyone has a cell phone at their side every moment. When I'm at the office, logging into any MFA site means rushing out to the phone lockers, bringing phone out of airplane mode, grabbing the code, then rushing back and hoping I jotted the code down correctly and that it hasn't been too long. Or if I'm on a plane using wifi and for some reason my web browser decides it needs to re-authenticate and only offers a voice call or text message for 2FA. Then the MFA authenticator apps also have their own issues, as I found when I upgraded my phone and had major issues moving Duo to the new phone for a couple of the sites & apps I use it for--one I essentially had to de-register the authenticator, then go through the rigmarole of adding it anew.

I get that I don't want to have to deal with the issues of someone stealing my miles, my Plus Points, messing with my existing reservations, etc., but the hassle of 2/MFA is too much for me.
exerda is offline  
Old Jan 29, 23, 1:10 pm
  #634  
 
Join Date: Jul 2003
Location: BOS, PVG
Programs: United Global Services and 1MM, Marriott Ambassador
Posts: 9,825
Originally Posted by exerda
The thing I really dislike about 2FA (and MFA) is that not everyone has a cell phone at their side every moment. When I'm at the office, logging into any MFA site means rushing out to the phone lockers, bringing phone out of airplane mode, grabbing the code, then rushing back and hoping I jotted the code down correctly and that it hasn't been too long. Or if I'm on a plane using wifi and for some reason my web browser decides it needs to re-authenticate and only offers a voice call or text message for 2FA. Then the MFA authenticator apps also have their own issues, as I found when I upgraded my phone and had major issues moving Duo to the new phone for a couple of the sites & apps I use it for--one I essentially had to de-register the authenticator, then go through the rigmarole of adding it anew.

I get that I don't want to have to deal with the issues of someone stealing my miles, my Plus Points, messing with my existing reservations, etc., but the hassle of 2/MFA is too much for me.
Totally agreed.

Other than SQ, is any airline using 2FA?
kb1992 is offline  
Old Jan 29, 23, 1:11 pm
  #635  
 
Join Date: Sep 2006
Location: HNL
Programs: UA GS4MM, MR LT Plat, Hilton Gold
Posts: 6,206
Originally Posted by jpezaris
We can argue about the first assertion, but the second is most definitely false. I've had my credentials stolen (from another site that had an IT breach) and identity used illegally elsewhere after that. It was not a low-impact event to correct. While the theft of information in that case would not have been prevented by 2FA, the results were the same. The costs were substantial in terms of time and financial consequences.
An airline site?
HNLbasedFlyer is online now  
Old Jan 29, 23, 1:17 pm
  #636  
Moderator: United Airlines; FlyerTalk Evangelist
 
Join Date: Jun 2007
Location: SFO
Programs: UA Plat 1.9MM, Hyatt Discoverist, Marriott Plat/LT Gold, Hilton Silver, IHG Plat
Posts: 63,082
Originally Posted by jpezaris
We can argue about the first assertion, but the second is most definitely false. I've had my credentials stolen (from another site that had an IT breach) and identity used illegally elsewhere after that. It was not a low-impact event to correct. While the theft of information in that case would not have been prevented by 2FA, the results were the same. The costs were substantial in terms of time and financial consequences.
The amount of amount PI accessible from your UA account of use to identity theft is low, Name, birthday and residence is about the limit and all those are fairly available on the web with a google search (hence should be insufficient to open a damaging account). Credit card data is just last four digits and security code is not retain in your profile, Neither is Social Security id or account password. Identity theft is generally not done by hacking an individual profile but rather hacking the central database that is not properly encrypted.

Identity theft is a major, major pain, I handled my wife's incident, her issue likely came from one of the credit rating agencies breaches). But your UA profile will not be the source of that. I standby the comment of low consequences.

UA implemented the security questions less to protect you and more to protect UA from users' poor password habits -- and UA having to restore hacked miles.
jsloan and SPN Lifer like this.
WineCountryUA is offline  
Old Jan 30, 23, 8:37 am
  #637  
FlyerTalk Evangelist
 
Join Date: Sep 2002
Location: Between AUS, EWR, and YTO In a little twisty maze of airline seats, all alike...
Programs: CO, NW, & UA forum moderator emeritus
Posts: 33,786
Originally Posted by Dublin_rfk
As someone who is challenged in the use of opposable digits I find the chat feature frustratingly challenging. Between autocorrection features and having difficulty walking and focusing on a handheld device Im helpless. When I need to talk with an agent I need to talk.
h - I absolutely agree that it's not perfect. But sometimes I don't have 30min to wait on hold or I'm on an airplane and can't call. The chat feature has been remarkably useful then (though the agents seem incapable of actually reading my requests sometimes, like "Put person X in E+ seat YYn near me but do not move my seat at all.")
Xyzzy is offline  
Old Jan 30, 23, 11:37 am
  #638  
 
Join Date: Sep 2006
Location: HNL
Programs: UA GS4MM, MR LT Plat, Hilton Gold
Posts: 6,206
Originally Posted by WineCountryUA
The amount of amount PI accessible from your UA account of use to identity theft is low, Name, birthday and residence is about the limit and all those are fairly available on the web with a google search (hence should be insufficient to open a damaging account).

I standby the comment of low consequences.
And that only scratches the surface of what is publicly available on the web - siblings/spouse/past spouses/children, employer information, education, court records, and on and on are easily found on practically everyone unless you've gone deep deep underground - and if you are that deep underground you probably shouldn't be using practically anything on the web or any app.

If you could steal an identity based on United info we'd have all had our identities stolen long ago as the information is so easily found without hacking the United site.
jsloan and SPN Lifer like this.
HNLbasedFlyer is online now  
Old Jan 30, 23, 11:47 am
  #639  
A FlyerTalk Posting Legend
 
Join Date: Apr 2004
Location: GVA (Greater Vancouver Area)
Programs: DREAD Gold; UA 1.034MM; Bonvoy Au-197; PCC Elite+; CCC Elite+; MSC C-12; CWC Au-197; WoH Dis
Posts: 51,448
Originally Posted by kb1992
Other than SQ, is any airline using 2FA?
AC uses a form of 2FA.
mahasamatman is offline  
Old Jan 30, 23, 3:37 pm
  #640  
 
Join Date: Jun 2001
Location: Orlando, FL
Programs: UA 2mm 1K, Marriott Lifetime Platinum, Hilton Diamond, National Executive Elite
Posts: 261
When your account is hacked for 6 Home Depot Gift Cards ([email protected],000) you will appreciate any increased security measures. :
Xyzzy likes this.
cbchicago is offline  
Old Jan 30, 23, 4:04 pm
  #641  
 
Join Date: Sep 2006
Location: HNL
Programs: UA GS4MM, MR LT Plat, Hilton Gold
Posts: 6,206
Originally Posted by cbchicago
When your account is hacked for 6 Home Depot Gift Cards ([email protected],000) you will appreciate any increased security measures. :
Details and resolution?
HNLbasedFlyer is online now  

Thread Tools
Search this Thread