UA initiates Account Security Update (Security Q&A authentication added 2016)

Reply Subscribe

Thread Tools

Search this Thread

Nov 20, 2023, 8:21 pm

#646

Lux Flyer

Join Date: May 2017

Posts: 2,281

Quote:

Originally Posted by DCEsquire

There is some mention in the site that you can enable 2 factor authentication - but I can't seem to locate how to turn this on.

I'm sure it's coming soon, and if they have something out there already, they probably updated a page before actually changing the system.

Jan 12, 2024, 7:23 am

#647

zitsky

Join Date: Apr 2008

Location: RDU

Posts: 5,242

I'm annoyed that United very clearly publishes some info suggesting you turn on two factor authentication even though they DON'T support it anywhere!

https://www.united.com/ual/en/US/fly...-security.html

Jan 12, 2024, 7:49 am

#648

JimInOhio

Join Date: Jun 2014

Programs: UA MM

Posts: 4,129

Quote:

Originally Posted by zitsky

Though they don't say it, I think what they're getting at is enabling two factor authentication on your phone which is a major avenue to your MP account.

Jan 12, 2024, 7:57 am

#649

drewguy

Join Date: May 2009

Location: Washington, DC

Programs: UA 1K 1MM, AA, DL

Posts: 7,418

Quote:

Originally Posted by JimInOhio

Though they don't say it, I think what they're getting at is enabling two factor authentication on your phone which is a major avenue to your MP account.

I think they're just cribbing those security tips from some other website or generic "how to be more secure online" essay. None of those tips are specific to the UA app.

Xyzzy and Aussienarelle like this.

Jan 12, 2024, 8:57 am

#650

Aussienarelle

Join Date: Oct 2015

Location: SAN

Programs: 1K (since 2008), *G (since 1990), 1MM

Posts: 3,219

Quote:

Originally Posted by drewguy

I think they're just cribbing those security tips from some other website or generic "how to be more secure online" essay. None of those tips are specific to the UA app.

Which is kind of the norm for just about any other service provider that has my CC details. UA has more then my CC details they have my passport information, GC information, KTN, address, email, telephone number, my favorite activities, my first car, etc.

The lack of 2FA is very concerning to me as an individual. It is not the potential access to my miles they make take as UA can restore those it is my person details including my upcoming flight details that appalls me that UA does not care about the security of these issues.

I am a lowly 1K so UA does not care about my views on this 2FA issue but wish some high level GS members would raise this issue so UA would take notice and do something.

Xyzzy and Silver Fox like this.

Jan 12, 2024, 9:00 am

#651

zitsky

Join Date: Apr 2008

Location: RDU

Posts: 5,242

Quote:

Originally Posted by JimInOhio

Though they don't say it, I think what they're getting at is enabling two factor authentication on your phone which is a major avenue to your MP account.

Not sure what you mean. I thought 2FA was specific to an application or website not a device?

Jan 12, 2024, 9:01 pm

#652

SPN Lifer

FlyerTalk Evangelist

Join Date: Mar 2002

Location: Saipan, MP 96950 USA (Commonwealth of the Northern Mariana Islands = the CNMI)

Programs: UA Silver, Hilton Silver. Life: UA .57 MM, United & Admirals Clubs (spousal), Marriott Platinum

Posts: 15,058

Quote:

Originally Posted by Aussienarelle (Post # 650)

UA has more then my CC details they have my passport information, GC information, KTN, address, email, telephone number, my favorite activities, my first car, etc.

GC = ?

Jan 12, 2024, 11:55 pm

#653

WineCountryUA

Moderator: United Airlines

Join Date: Jun 2007

Location: SFO

Programs: UA Plat 1.997MM, Hyatt Discoverist, Marriott Plat/LT Gold, Hilton Silver, IHG Plat

Posts: 66,859

Quote:

Originally Posted by SPN Lifer

GC = ?

Green Card

SPN Lifer and Aussienarelle like this.

Jan 30, 2024, 6:14 pm

#654

zitsky

Join Date: Apr 2008

Location: RDU

Posts: 5,242

Account security?

United offers no way to protect an account other than a password? No 2FA? No FaceID etc?

I see I asked this. Thought of it again when I added a credit card. I am not sure how secure it is. I may delete it.

Last edited by zitsky; Jan 30, 2024 at 6:41 pm

Jan 30, 2024, 6:36 pm

#655

WineCountryUA

Moderator: United Airlines

Join Date: Jun 2007

Location: SFO

Programs: UA Plat 1.997MM, Hyatt Discoverist, Marriott Plat/LT Gold, Hilton Silver, IHG Plat

Posts: 66,859

Quote:

Originally Posted by zitsky

United offers no way to protect an account other than a password? No 2FA? No FaceID etc?

And personal profile questions when you use a new device

(Will move this to the master thread which this issue has been extensive covered) Those additional measures can be problematic for the international traveler or while inflight.

Jan 30, 2024, 7:43 pm

#656

Fredd

Join Date: Nov 2002

Location: SEA/YVR/BLI

Programs: UA "Lifetime" Gold, AS MVPG100K, OW Emerald, HH Lifetime Diamond, IC Plat, Marriott Gold, Hertz Gold

Posts: 9,490

Quote:

Originally Posted by WineCountryUA

...Those additional measures can be problematic for the international traveler or while inflight.

You can say that again, so I just did.

Jan 30, 2024, 8:19 pm

#657

VWang1111

Join Date: Apr 2016

Programs: UA 1K 1MM, AA Gold, Marriott Titanium, Hilton Diamond, Hyatt Discoverist

Posts: 695

With UA being leagues ahead in the technology domain. Support for passkeys should be a no-brainer. The Q&A when logging in (on a dormant device/new device) is super annoying.

Silver Fox likes this.

Mar 5, 2024, 9:09 pm

#658

escapefromphl

Join Date: Sep 2008

Location: SF Bay Area

Programs: None - previously UA

Posts: 4,867

Quote:

Originally Posted by WineCountryUA

Strong unique passwords are the antidote.

The issue is you can never remember them then. UA needs to implement 2FA, with any IP address change prompting a challenge, it’s behind the curve and UA accounts are being targeted because of this.

Mar 5, 2024, 9:19 pm

#659

WineCountryUA

Moderator: United Airlines

Join Date: Jun 2007

Location: SFO

Programs: UA Plat 1.997MM, Hyatt Discoverist, Marriott Plat/LT Gold, Hilton Silver, IHG Plat

Posts: 66,859

Quote:

Originally Posted by escapefromphl

The issue is you can never remember them then. ...

Easily addressed with password managers

Quote:

Originally Posted by escapefromphl

UA needs to implement 2FA, with any IP address change prompting a challenge, ...

There are major issues with common 2FA for the international / air traveler. What other air carrier has wht you want?

Quote:

Originally Posted by escapefromphl

it’s behind the curve and UA accounts are being targeted because of this.

Are UA accounts being targeted? More so than ....??? As mentioned above the reports on FT over the past few years have been sparse

Mar 5, 2024, 9:24 pm

#660

United747

Join Date: Feb 2010

Location: ORD

Programs: UA 1K

Posts: 4,220

Quote:

Originally Posted by WineCountryUA

Easily addressed with password managers
There are major issues with common 2FA for the international / air traveler. What other air carrier has wht you want?
Are UA accounts being targeted? More so than ....??? As mentioned above the reports on FT over the past few years have been sparse

I agree with many of these points, but I think SIA has 2fa? Can also be done by email, WhatsApp, Google Authenticator, etc.

All I know is that the password was found in several leaks, whether they were United-related, I don’t know.