United Airlines says cockpit door access info may have been made public - CBS News (http://www.cbsnews.com/news/united-airlines-says-cockpit-door-access-information-may-have-been-made-public/)
"United Airlines said in a "Safety Alert" emailed to employees that information regarding its flight deck access security procedures "may have been compromised," CBS News transportation correspondent Kris Van Cleave reports.

It also said in an emailed statement to CBS News that "some cockpit door access information may have been made public."

The email to employees, sent on Saturday, was short on specifics. But the airline said it was working on a "corrective action plan," noting that pilots have been asked to review procedures during briefings."

it's my understanding that there was some noise on social media about flight deck codes, but no evidence was found

If more than two people know it, how can it be a secret?

It's not much of a secret. My airline employer recommends cabin crew hand the code over if in fear of their or others lives. The flight crew assess and override any coded request as necessary.

How about you delete this?

If the airline has a two-person cockpit policy, there is no need for a code at all. Even if one pilot has gone for a comfort break, someone can open the door from the inside. Before we get into the "what would a little hostie do in a case like the German Wings, where she wouldn't have the strength to overpower a determined man?", the answer is simple Open the :mad: door. Both companies I flew with post 9/11 had both, a two-person cockpit, and a coded door.

United do have a 2-person cockpit policy.

Some other airlines don't.

Both viewpoints can be deemed sensible.

Oh dear....the bad pilot simply sets the automatics for a high-speed descent to the ground on its heading, then gets up to block the door and the crew member before he/she knows what bad pilot has done. And no need to use bad language there, Herod

If the airline has a two-person cockpit policy, there is no need for a code at all. Even if one pilot has gone for a comfort break, someone can open the door from the inside.
And what happens if the one inside is incapacitated (medical issue, etc.)?

And what happens if the one inside is incapacitated (medical issue, etc.)?

That is why you have a TWO-PERSON policy. So the other one can open the door.

And what happens if the one inside is incapacitated (medical issue, etc.)?

Those that use the "single pilot" procedure know the safeguards, I'm not sure there's any reason to discuss them in detail here...

TBH I think ImbracableClunk made a good point back in permalink #5, but I'm a bit old fashioned abut these things.

Even if one pilot has gone for a comfort break, someone can open the door from the inside.

Surely only one person can open the door from the inside in such a situation.... or did you mean "from the outside" ?

Naive question coming up.

Someone I know works for a well-known computing company. He told some of us that he has to have a 32 character password, containing no recognisable sequences such as real words, not written down anywhere, and changed every two weeks.

I'm not suggesting that airliner doors need to be that elaborate, but surely occasional changes are in order?

At a local ATM, I notice that the number 1 is more worn than the others. I have no idea what these cabin locks look like, but if the code stays the same for months, it may become easier to guess.

That's actually a monumentally stupid password policy, just take a read of the following if you don't believe me: https://www.schneier.com/blog/archives/2016/08/frequent_passwo.html (I find it hard to believe people wouldn't write those passwords down...)

Now I've seen pilots and FAs carry books of codes for airport doors, so I wonder if the same applies to cockpit doors. In which case you could just invalidate the codes and send out a new set.

At a local ATM, I notice that the number 1 is more worn than the others. I have no idea what these cabin locks look like...

Perhaps because most ATMs in the US display a screen that reads "press 1 for English?"

Also, at least at my ATM, pressing the "1" key gives up fast cash in the realm of $40, which is what I think most folks choose.

That's actually a monumentally stupid password policy, just take a read of the following if you don't believe me...

Completely correct.

The secret to a successful password is an arcane string, not something one would have to write down.

A brute force attack will eventually reveal any password. Especially on badly configured systems which allow unlimited guesses.

The whole idea of a password is to achieve something only the user knows by heart.

A string of 32 characters, with punctuation and random caps doesn't fit.

Perhaps because most ATMs in the US display a screen that reads "press 1 for English?"

Also, at least at my ATM, pressing the "1" key gives up fast cash in the realm of $40, which is what I think most folks choose.

Here in the UK and elsewhere in Europe, the language selection is usually automatic (or no option given anyway)

And the function then amount selection buttons are alongside the screen, separate from the bottom keypad, which is only used for other amount, i.e. the less common ones

So perhaps you can find someone else to patronise.

That's actually a monumentally stupid password policy, just take a read of the following if you don't believe me: https://www.schneier.com/blog/archives/2016/08/frequent_passwo.html (I find it hard to believe people wouldn't write those passwords down...)


That article refers to changing only one out of 10 characters.

Not quite the same as changing most or all of a larger string.

How about just remove those door locks. They were a knee-jerk reaction to 911.

You can still have the doors, this will slow them down, but in reality if someone is prepared to get in, they are prepared to get in.

Agreed. I think that what the security experts fail to recognize is that post-9/11, the mindset changed. Before that, if (as a passenger) your plane was hijacked, chances were good that all it meant was that you were going to be inconvenienced by a side trip to some third-world country. Now - it's unlikely that those hijackers just want a ride somewhere. It makes it a lot less likely that passengers are just going to sit there like sheep and let the hijackers do as they choose - and even if the hijackers are armed, there are a lot more non-terrorists than there are terrorists in the back of the plane.

We still need the coded doors. The only legitimate circumstance when I really have to type the access code, is when we have both locked ourselves out when parked at the gate.
And I will not elaborate. You will understand what I mean, or you are not entitled to know.

A 32 Character pw that you cannot write down-and has no recognisable sequences, come off it. Extensive research on issues like code words phone numbers shows that most people struggle to remember more than 8 characters or numbers unless they have double characters, like 8 8 7 7 or are set up, in the case of numbers in pairs so 45 56 78 98 is easier to remember than 4 5 5 6 7 8 9 8.

If your PW cannot have a series or recognisable words no one is going to remember 32 characters - just try it

Of course. The idea is that the pw is copied from a secure app on a mobile device. But in fact even 8 - 10 chars would be enough.