top | item 19298614

(no title)

helloka | 7 years ago

https://krebsonsecurity.com/2016/08/united-airlines-sets-min...

United began debuting new authentication systems wherein customers are asked to pick a strong password and to choose from five sets of security questions and pre-selected answers.

This has been in place for 3 years despite public shaming.

discuss

killjoywashere|7 years ago

I'm stuck flying United most of the time and I get the sense their cybersecurity posture is consistent with their broader business posture: "If you do nothing, nothing will happen. If something external forces change, deny, deny, deny." Very old school. In all the worst ways.

lbill|7 years ago

Does this mean that United Airlines is still using the inadequate system described in the article? In my opinion, public shaming is the last resort: when you tried everything and failed to make your legitimate concerns about cyber-security heard by the company, you go public and hope that the bad press creates some kind of PR issue... But what if it doesn't? What if the public shaming proves useless? What can be done then?