I’m not sure when it happened, but https://www.discovercard.com has now increased the maximum allowed password length from 10 to 16 characters. If you’re concerned someone trying brute force your password, go change your password.
Category Archives: News
United’s Insecure Login Page
One of United Airlines login pages potentially sends login credentials in plaintext. www.united.com/web/en-US/apps/account/account.aspx (login page accessed by clicking “Sign In” in the upper right of the homepage)can be accessed over HTTP or HTTPS and the login form sends (POST) its contents to signin.aspx over whichever type of connection account.aspx was served from.
For a long time I didn’t think realize this was a problem, because even when www.united.com/web/en-US/Default.aspx is served over HTTP, it submits usernames and passwords over HTTPS.
It appears all United Airlines pages support HTTPS, so I recommend starting your use of United.com by browsing to https://www.united.com/.
Status
Hi everyone. I haven’t gone anywhere, I’ve just been sidetracked trying to figure out how to deal with comment spam and working on some layout updates. I’ll have some new content soon.