Logging on to United's frequent flyer site might take longer than a flight

Airline dumps PINs for passwords to harden MileagePlus accounts

United Airlines has renovated the security on its frequent flyer scheme "MileagePlus" by requiring users to answer one of five security questions and enter a password when they log on.

The airline sent emails to customers requesting they update their security from weak, short PINs to complex passwords.

The new codes require two special characters, a number, and five letters to reach the minimum of what United deems a strong password.

Social engineers United customers will still need to use their PINs when they ring United customer contact centres until the changes are complete.

Users have 30 days to make the changes.

Five pull-down security questions need to be filled from pre-selected answers, reducing the chance users will lock themselves out. Those whose childhood dreams were journalism and to play the Huang won't find their answers within, however.

The new authentication arrangements are the latest push by United's internal security team which has created a successful bug bounty initiative within a highly risk-adverse industry.

Millions of miles have been handed out to researchers in exchange for bugs. ®

Biting the hand that feeds IT © 1998–2021