UA IT issue: Required security questions/authentication every logon, -- Fixed?
Oct 3, 2022, 11:44 am
#46
Join Date: Jun 2006
Location: Chicago, Kailua-Kona, Cairns
Programs: UA 1K >2MM, IC Plat, Hilton Diamond, Marriott Gold
Posts: 740
United Club Chocolate Chip Cookies: Usually pretty good
United.com Cookies that let your browser remember you: Terrible. Vanish without warning. Expire faster than unrefrigerated sushi.
United should try Amazon's cookie recipe. Those are indestructible, last for years. Maybe decades.
United.com Cookies that let your browser remember you: Terrible. Vanish without warning. Expire faster than unrefrigerated sushi.
United should try Amazon's cookie recipe. Those are indestructible, last for years. Maybe decades.
I have a high-level IT contact at UA in Chicago. I recently had password reset attempts (not me) on my UA, AA, and IHG accounts. I reached out to UA and was told that the travel companies generally under attack by identity thieves - a leak at one unnamed travel company was being exploited. United's philosophy is in part to tighten up login procedures via web browsers during these periods of vulnerability. I note the same lack of persistence in my UA connection on MacOS (Ventura) but not on my iOS devices, which are inherently more secure.
As always, complex passwords are required especially on accounts where financial exposure is likely. And don't use the same password from place to place. This isn't an issue to joke about, or ..... about IMHO.
Oct 3, 2022, 9:23 pm
#48
A FlyerTalk Posting Legend
Join Date: Apr 2004
Location: GVA (Greater Vancouver Area)
Programs: DREAD Gold; UA 1.035MM; Bonvoy Au-197; PCC Elite+; CCC Elite+; MSC C-12; CWC Au-197; WoH Dis
Posts: 52,140
Oct 4, 2022, 5:15 am
#49
Join Date: Mar 2015
Location: CLE
Programs: UA:1K 0.81M
Posts: 135
Yeah, but it would be nice to have them last a little longer than this:
1. Go to united.com (Chrome)
2. log in
3. answer the security questions
4. click on check-in to print a boarding pass
5. receive message that session has expired
6. go back to step 2 and endlessly loop
1. Go to united.com (Chrome)
2. log in
3. answer the security questions
4. click on check-in to print a boarding pass
5. receive message that session has expired
6. go back to step 2 and endlessly loop
Last edited by 50Kthehardway; Oct 4, 2022 at 5:22 am
Oct 4, 2022, 6:51 am
#50
Join Date: Oct 2013
Location: Austin, TX
Programs: UA 1K, Marriott Gold, SPG Gold
Posts: 141
Long lasting cookies aren't necessarily weak security. Why not keep people logged in (and stop the annoying auto-logouts, too) so they can easily search flights with their status reflected, book tickets in their own name, and perform other low risk functions. If they want to transfer miles, book tickets for others, etc., then reauthenticate them. (Amazon does that, for example, if you ship to a new address or want to send gift cards.)
Oct 4, 2022, 7:00 pm
#51
Join Date: Sep 2013
Location: CHS
Programs: UA GS, Bonvoy Amabassador, Hertz PC
Posts: 2,589
Maybe this is also why we can't see LH awards either....or hopefully it is fixing why we can't see LH awards....
Last edited by WineCountryUA; Oct 4, 2022 at 7:10 pm Reason: split post
Oct 5, 2022, 12:51 am
#53
Join Date: May 2017
Posts: 2,279
Oct 5, 2022, 4:59 am
#55
Join Date: Sep 2013
Location: CHS
Programs: UA GS, Bonvoy Amabassador, Hertz PC
Posts: 2,589
Maybe you got them, but I didn't.
I just searched again - for an easy one - ORD-FRA - the ONLY LH options I got where ORD-CDG-FRA where CDG-FRA was operated by LH - basically not a single flight over the pond was operated by anything other than UA in my search results
Maybe it is just me....
Oct 5, 2022, 11:10 am
#56
Join Date: Jan 2009
Location: COS
Programs: United 1K
Posts: 464
I don't agree this is the right response to the claimed situation, but if it is then communicate better and consider doing something actually effective like requiring stronger passwords rather than continuing to inconvenience customers.
"To improve security of your accounts, the bank will no longer offer online services" - I mean yeah, that's true, but something about babies and bathwater comes to mind.
Oct 5, 2022, 7:28 pm
#57
Join Date: Dec 2009
Location: LAX/LAS
Programs: UA 1MM
Posts: 171
I had expert mode working fine on my PC up until a day or two ago. That's OK - I can live without it until they fix it. However, today for the first time I got a new error when I tried to check in for tomorrow's flight. After login, as soon as I hit the check in button, I get a 'session expired' error message and it kicks me out. I've rebooted, cleared the cache and cookies and tried it again four times now, with the same result. No problem though when I went to the app on my phone and I checked in without issue and got the boarding pass. However, when I went back to the computer and to the UA website and logged in, it shows me as still needing to check in. Guess what happens when I click on the check in button? ;-)
Oct 5, 2022, 10:25 pm
#58
Join Date: Sep 2007
Location: ORD
Programs: UA MM, AA PPro
Posts: 1,480
My (fairly long) career in software development and application security has taught me that if it looks like broken functionality, it likely is broken functionality. Not a deliberate choice. If they were serious about security, they'd implement multi-factor authentication, replace forever-cookies with 30-day cookies, and get rid of passwords altogether.
Oct 6, 2022, 10:03 am
#59
Join Date: Nov 2011
Location: DEN
Programs: UA Gold, HH Diamond, National Executive Elite
Posts: 144
I don't want "cookies that last forever".
I have a high-level IT contact at UA in Chicago. I recently had password reset attempts (not me) on my UA, AA, and IHG accounts. I reached out to UA and was told that the travel companies generally under attack by identity thieves - a leak at one unnamed travel company was being exploited. United's philosophy is in part to tighten up login procedures via web browsers during these periods of vulnerability. I note the same lack of persistence in my UA connection on MacOS (Ventura) but not on my iOS devices, which are inherently more secure.
As always, complex passwords are required especially on accounts where financial exposure is likely. And don't use the same password from place to place. This isn't an issue to joke about, or ..... about IMHO.
I have a high-level IT contact at UA in Chicago. I recently had password reset attempts (not me) on my UA, AA, and IHG accounts. I reached out to UA and was told that the travel companies generally under attack by identity thieves - a leak at one unnamed travel company was being exploited. United's philosophy is in part to tighten up login procedures via web browsers during these periods of vulnerability. I note the same lack of persistence in my UA connection on MacOS (Ventura) but not on my iOS devices, which are inherently more secure.
As always, complex passwords are required especially on accounts where financial exposure is likely. And don't use the same password from place to place. This isn't an issue to joke about, or ..... about IMHO.
They need to deploy a proper 2FA/MFA for browser based connections. There's simply no reason this can't also work with TA's access to your account. Personally, I'd want to have to respond to a 2FA request when my account is being accessed.