Something You Know And… Something You Know

Posted on August 19, 2016 by gerv

The email said:

To better protect your United MileagePlus® account, later this week, we’ll no longer allow the use of PINs and implement two-factor authentication.

This is united.com’s idea of two-factor authentication:

united.com screenshot asking two security questions because my device is unknown

It doesn’t count as proper “Something You Have”, if you can bootstrap any new device into “Something You Have” with some more “Something You Know”.

2 thoughts on “Something You Know And… Something You Know”

David Anderson on August 19, 2016 at 11:11 PM said:

Halifax / Lloyds banking group in the UK still do this. To log in to your e-banking, you need firstly your password, and then secondly ….. wait for it … 3 characters from your second password.
Simon on August 20, 2016 at 1:28 PM said:

Sigh… by that logic, having both a username and a password would count as two-factor. What’s the point in even trying?