Your browser does not support Javascript, or you have disabled it. Therefore, some portions of this page may not work properly.
Putting United Health Care (UHC) "Security" to the Test
Today I called United Health Care (UHC) customer service. The call was answered by a nice lady, "E" in Texas.

She suggested we use the UHC website to coordinate. I tried to re-establish my existing online account. It found my ID from phone and other info and transferred me to a login page. I tried to sign in using pretyped ID supplied by system and the password recorded in my old manual records; used to work, but...

System asked for answers to "security" questions: Some security; this is what websites were doing in the 1990s. I estimate there are scores if not hundreds of old friends who could correctly guess my answers. (One was what was my first phone number, so I gave it as it then was, seven digits, as I'm much older than area codes.) "Secret questions" are, of course, a security technique that went out with high-button shoes.

After my several attempts with correct answers, it bailed out and locked the account with the following:

"Error: We have no record of your email address, phone number or security questions, so we’re unable to find your account information. Please call us at 1-877-844-4999 24 hours a day, 7 days a week. Call us 24 hours a day, 7 days a week with any website or technical questions or issues."

I was still simultaneously on line with "E", who confirmed that all that data was in fact on her screen.

(BTW, It's OK to spam call those numbers, as the response time is already so bad that no one will notice the difference.)

During several on-hold periods, I learned that E's father shared my birthday. Sadly he's passed away, so we cannot celebrate together.

Was transferred by "E" to tech support. We started over.

First thing was to go to the website. She sent me to one that responded with an instruction to update my Flash plugin. I don't allow Flash within a mile of my computer for security reasons, so I refused. She then sent me to another URL.

Gave it the login name and clicked the lost password link; it gave me the same "security questions" but this time I asked the agent whether they were case sensitive. She said Yes. I typed my old password, substituting a Capital for one of the letters as stated in their new instructions (of course I have no idea what it required a decade ago when I set up the account).

System responded that I could not re-use an old password. Now, if it's case sensitive, it was not the same string, so either it is not C-S or someone was lying.

So I made up a new password, created new "secret" questions and finally got signed in. Elapsed time: One hour, 50 minutes at last look, actually more.

These are the folks protecting the integrity of my health care and other personal data and that of millions of others. Need I say more?

Sign in to post a comment!

Home • Genealogy • Miscellany • Contacts • Podcast