Customers and researchers alike are chastising United Airlines' attempt at using two-factor authentication to secure its MileagePlus account holders.
Earlier this month, the airline added two-factor authentication to its sign in process requiring customers to choose from preset answers and questions in order to verify their accounts.
Citing the threat of “keystroke logging” software, the airline doesn't allow users to type in their own unique answers, according to United's PIN and passwords FAQ page.
“The majority of security issues our customers face can be traced to computer viruses that record typing, and using predefined answers protects against this type of intrusion,” the page said.
Despite the airline's reasoning, the implementation of the practice was met with criticism including that of Krebs on Security who argued that any malware with keystroke logging capabilities likely also uses “form grabbing” which would also record a users answer regardless, according to an Aug. 24 blog post.