∞ It’s time to publicly shame United Airlines’ so-called online security
So, just to summarize, United has:
- Compromised its users’ security by adopting a terminally stupid threat model (keystroke loggers), and …
- in response to that threat model, implemented infuriatingly counterintuitive, hard-to-use security questions, rather than…
- something which actually would address that threat; two-factor authentication! Instead they…
- …doubled down on their stupid security questions and called that two-factor authentication.
United has always been very bad at software systems. Now they just reached their lowest point.