United Airlines New Security Questions are ridiculous

[gwynne]

United has now come up with an absurd list of multiple choice security answers that are required to answer their 5 questions.

Here's one of the questions: What is your favorite sea animal?
Good luck remembering your selections chosen from their drop down list. But hey, having to write down the answers is always more secure, right?

I loved this woman's article on United's great idea. http://www.lajollalight.com/news/2016/apr/27/inga/

http://www.slate.com/articles/techn..._uses_multiple_choice_security_questions.html

 

[HM]

oh, gosh, that's hilarious and ridiculous.

 

[kamik86]

Looking through that it is actually even worse. Remembering the answers isn't what makes it ridiculous. Many of those items are things I know the answer to for my casual friends.

What instrument do you play (if they play any), favorite pizza topping, favorite breed of dog (hmm if they own a dog I bet I would be 99% right if I picked the breed they own... seriously this one I can answer for neighbors I have never had a conversation with).

Favorite sport is one that is shown in the slate one. Again I can answer that for some neighbors I have never had a conversation with and you could easily make this question come up in a conversation if you were trying to target someone.

This is not very secure at all.

 

[Squirlz]

Looks like Page 1 of the Community Board!

 

[I loveStitchnippyjon]

I know how you feel. DH set up our online banking. When I first logged on, the first security question was "what is the name of your high school wrestling coach?" Seriously!!!??

 

[sailorstitch]

Favorite sea animal? *looks down at my new narwhal socks* EVERYBODY knows that my favorite animal in the world is the narwhal! That's no secret. I'm glad I rarely fly anywhere.....

sailorstitch

 

[kamik86]

Normally I purposely change my answer to these a bit to provide extra security. Lets face it I live in a small town a lot of people know my mothers maiden name because she has lived here so long. The reason that one works is I spelled it wrong the first time I did one of these forms. Mom told me I was spelling it wrong a few years later when she say me enter it. I just continued spelling it wrong.... I mean a lot of people may know mom's maiden name but how many know how I misspelled it as a teenager?

Other ones I have on different banks that people know:
What city I met my spouse for the first time: well we are high school sweethearts. Most people I know are aware of this as it comes up from time to time. What city my high school is in is also something that comes up since its still only 40 min from where I work.

Name of my maid of honor or best man: Again small town and I have only been married 7 years. Many people know who was in my wedding party. Others would recognize them if they saw a picture of my wedding party.

Make of my first car. Ok this one is a bit more difficult now. 4 years ago when I was still driving that car however...

 

[sam_gordon]

There's a simple solution to this... someone needs to come up with USB connected scanners (fingerprints, retina scans, DNA?) that can be used when a website, computer, or application needs to confirm it's "you".

 

[DeaverTex]

Ugh. I hate these things, particularly when they ask for your favorite something! I never remember what I put down -- usually because I don't usually have favorites. Other than quokas. I love quokas.

 

[Bianca and Bernard]

I have a system. LOL
(and I keep a list of all my log in stuff at home. I figure if DH wants to know my pw for my FB account, he's more than welcome to it.)

Each different password starts with a different random letter. like: qhotcitylotion99 jlucky13robin (and yes, all my pw are made from numbers and random words; throw in capitals and @#$#$!!! if needed)
Each answer for secret questions starts with the letter that corresponds to the first letter if done backwards (i.e a = z, b = y). They aren't my actual favorites or teacher or car. Just random words that I chose. Like if it asks for my favorite color, and the letter is b, I don't put blue I'll use brain or bubbles.

So if a password is xenvelopedirect100, and the question is "what was your first car", I'd put cantalope.

Yes, I'm weird. Never been "hacked" though.

 

[kamik86]

The security one I loved today... I read this from my bank (small co-op local to me but this is direct copy and paste)

Our Online Banking technology includes Multi-Layered Authentication. This requires you to complete a one-time security update which activates your account for access to Online Banking. You must complete this update to access your account information online. It is intended to provide you with the best security possible. Multi-Layered Authentication consists of validation and authentication of an individual using more than one method of verification. Generally, this is accomplished by verifying three things:

1. Something you are, in the form of identifying information like your dog's name or where you went to high school.
2. Something you have, for example a driver's license, or a security token.
3. Something you know, such as a PIN.

This is pretty bad info.

Ok They got the answer right on what the three factors are for three factor authentication but they failed on what "Something you are" is. There answer would be something you know. Something you are is literally something you are... like a fingerprint or retina scan. Also something you have has to be something you must physically have on you not just a value off of it. Such as a security token where the number on it changes every 30 second or a military CAC card that has to go into the card reader in your computer. Something like a licence number doesn't count since I could copy the number off your licence and put your licence back and you would never know it was stolen.

Most military applications I have used do 2 factor authentication. Something you know (a password or PIN) and something you have (CAC card or RSA token).

 

[DopeyDame]

The security one I loved today... I read this from my bank (small co-op local to me but this is direct copy and paste)

Our Online Banking technology includes Multi-Layered Authentication. This requires you to complete a one-time security update which activates your account for access to Online Banking. You must complete this update to access your account information online. It is intended to provide you with the best security possible. Multi-Layered Authentication consists of validation and authentication of an individual using more than one method of verification. Generally, this is accomplished by verifying three things:

1. Something you are, in the form of identifying information like your dog's name or where you went to high school.
2. Something you have, for example a driver's license, or a security token.
3. Something you know, such as a PIN.

This is pretty bad info.

Ok They got the answer right on what the three factors are for three factor authentication but they failed on what "Something you are" is. There answer would be something you know. Something you are is literally something you are... like a fingerprint or retina scan. Also something you have has to be something you must physically have on you not just a value off of it. Such as a security token where the number on it changes every 30 second or a military CAC card that has to go into the card reader in your computer. Something like a licence number doesn't count since I could copy the number off your licence and put your licence back and you would never know it was stolen.

Most military applications I have used do 2 factor authentication. Something you know (a password or PIN) and something you have (CAC card or RSA token).

Two factor authentication is currently driving me crazy! We recently went to a system with a CAC card that goes into the cardreader on my laptop. So I come in in the morning, take my card out of my badge, and put it into my laptop. Then, a few hours later, I leave to go to lunch or go talk to a co-worker in a different area... with my badge still safely in my computer. ARGH! I must not be the only one who does this, as our security building recently installed a self-serve kiosk for employees without badges.

 

[kamik86]

Two factor authentication is currently driving me crazy! We recently went to a system with a CAC card that goes into the cardreader on my laptop. So I come in in the morning, take my card out of my badge, and put it into my laptop. Then, a few hours later, I leave to go to lunch or go talk to a co-worker in a different area... with my badge still safely in my computer. ARGH! I must not be the only one who does this, as our security building recently installed a self-serve kiosk for employees without badges.

Luckily our badges that allow access in the facility is separate from our CAC and I'm in a locked room where I can leave it in the computer.

The base is much more strict about this. The guys that work on the base had a policy that if someone found your CAC off your person you owed everyone donuts to discourage people from forgetting it.

My badge issue is the locked room that I am in is a badge swipe and since only some employees have access to this room the temp badges you get if you forget your badge at home don't work for this room. So if you forget your badge you get to spend all day annoying your coworkers by having to knock and make them let you in.

 

[rwdavis2]

Although I don't think this is how United works one suggestion for security questions is to always give the same answer to all the questions. As for passwords try to remember a pattern on the keyboard and not some specific word or letters. For example a square pattern or vertical keys and then hit the shift key for the second half of the password: 5tgb%TGB

If you have to change then move it one key over.

 

[Gumbo4x4]

I know how you feel. DH set up our online banking. When I first logged on, the first security question was "what is the name of your high school wrestling coach?" Seriously!!!??

Coach

 

[ez]

I recently had to answer security questions from my bank on the phone. I was told they were multiple choice and computer generated based on public records. One was when we bought out house, and they did not have the correct choice. I told the guy none of them were right and he said well pick the closest month/year . Then I had to know what month my stepsons birthday is in. Being my stepson is close in age to me, and we are not close, I think its presumptuous to think every step parent knows the month of their step children's birthday. i was really disappointed in these questions.

 

[Albort]

There's a simple solution to this... someone needs to come up with USB connected scanners (fingerprints, retina scans, DNA?) that can be used when a website, computer, or application needs to confirm it's "you".

i think current 2 point verification is enough...

 

[sam_gordon]

i think current 2 point verification is enough...

That still relies on a person remember a password, doesn't it? You wouldn't need to remember your fingerprints or anything else I listed. You have a device that you program with your fingerprints. It plugs into a USB port. You scan your fingerprint, it checks with a server and verifies it's "you" and you have access.

Obviously a very rough idea.

 

[Skywise]

I just use a number or name that's not related and use the same for all the questions. These don't have to be super secure but something that most people wouldn't know or find in public internet sources.

Some sites will force you to use unique answers at which point I just use the partial name or tack a number on at the end.

"What is your favorite sea animal"

UnitedAirlinesSux

Thank you! Access Granted!

 

[gwynne]

I just use a number or name that's not related and use the same for all the questions. These don't have to be super secure but something that most people wouldn't know or find in public internet sources.

Some sites will force you to use unique answers at which point I just use the partial name or tack a number on at the end.

"What is your favorite sea animal"

UnitedAirlinesSux

Thank you! Access Granted!

Sadly, your "unique" favorite animal won't work. You have to choose an option from their drop down box.