Quick update on United’s Account Security Changes

A few weeks ago United started making changes to the account security parameters for MileagePlus members. At the time I suggested avoiding the changes as long as possible given some quirks in the way the system was rolling out. I’m still not a fan of the way it is being deployed or the choices united made in setting up the new system but fighting it is futile so the best advice I can offer is to go in aware of the changes and to make smart choices based on that.

Among these smart choices:

  • If you do not know the password on your account change it now, before setting up the other new security questions.
  • Write down the answers to your 5 “security” questions.  Generally writing down passwords is bad but FF accounts aren’t what most attackers are going for and odds of remembering them all otherwise are astonishingly low.
  • Stop trying to figure out how or why airlines do things like this. I know the heart is in the right place but this implementation sucks and I’m surprised anyone thought it was a good idea. Besides, trying to resist it is less likely to be successful than jousting with windmills.

So, yeah, it sucks. But I still like the points I have in the program enough to put up with it.

Never miss another post: Sign up for email alerts and get only the content you want direct to your inbox.

Seth Miller

I'm Seth, also known as the Wandering Aramean. I was bit by the travel bug 30 years ago and there's no sign of a cure. I fly ~200,000 miles annually; these are my stories. You can connect with me on Twitter, Facebook, and LinkedIn.


  1. I write some of my passwords and security questions – that I’m not likely to recall – in a notebook at home. I figure if someone breaks into my house I’ve got bigger problems than worrying whether they’ll find the notebook and steal it.

    These security questions United has are pretty ridiculous, though they’re not alone in that I’m afraid. One time a site had just a few options for questions – things like city where you met your spouse, city where you went to high school, and city where you had your first job. Those 3 things all occurred in the same city for me. However the site wouldn’t accept my answers because it wouldn’t allow the same answer more than once! Good lord.

  2. For websites that only offer really difficult security questions, my answers include the question. For example, if the question is “What was the color of your high school mascot?” I take the most distinguished thing (the mascot) and provide an answer like in the form of – e.g. “lucky-mascot”. This ensures that I remember the answer and that United doesn’t have any hackable, useful information about me.

    1. The United system makes you pick your answer from a predefined drop down list.

Comments are closed.