Oct 22, 2014, 4:27 pm

FlyerTalk Forums Expert How-Tos and Guides

Last edit by: davie355

HHonors Sign In (if the link has disappeared)

https://secure3.hilton.com/en/hh/customer/login/index.htm

Consolidated "CAPTCHA for logging in?" thread

Reply Subscribe

Thread Tools

Search this Thread

Oct 8, 2014, 8:13 am

Zeeb

Original Poster

Join Date: Jun 2013

Programs: DL Plat, Hilton Diamond, Marriott Plat, IHG Plat, Hertz Prez Circle, National Exec

Posts: 1,357

Consolidated "CAPTCHA for logging in?" thread

Anybody else getting a CAPTCHA this morning trying to log in to HHonors? Of course, the website was still down afterword. But having the CAPCHA was a first for me. I'm totally okay with it though, since it makes it tougher to brute force passwords and login credentials.

jalves likes this.

Oct 8, 2014, 8:27 am

xandern

Join Date: Aug 2008

Location: DUS

Programs: UA Gold, FB, Hilton Diamond, Marriott Gold

Posts: 134

Quote:

Originally Posted by Zeeb

I noticed the same thing earlier today. It almost certainly has to do with the large number of reports of people having their HHonors account hacked, maybe this simply happened by an automatic system attempting to log in via the outdated and insecure 4 digit pincode system.

Oct 8, 2014, 8:48 am

fozziedoggie

Join Date: Sep 2011

Location: SFO/SMF

Programs: Holder of six "persona non-grata" awards

Posts: 1,914

I think I would rather have the option of using a longer pass-code instead of having to type in a random generated word.

Oct 8, 2014, 8:58 am

cblaisd

Moderator Hilton Honors, Travel News, West, The Suggestion Box, Smoking Lounge & DiningBuzz

Join Date: Jun 2000

Programs: Honors Diamond, Hertz Presidents Circle, National Exec Elite

Posts: 36,018

I couldn't even get the sign-in page at the HHonors site, but the Hampton Inn site let me log in and indeed has a captcha. Took three refreshes before I got one that I could actually read.

Oct 8, 2014, 9:00 am

arlflyer

Join Date: Feb 2013

Location: DCA

Posts: 7,769

Oh my. This is truly awful. Hate these things.

Oct 8, 2014, 9:07 am

sjpmurph01

Join Date: May 2010

Location: PHL

Programs: AA EXP, UA *S, Hilton Diamond, Marriott Titanium, Hyatt Exp, IHG Plat, National EE, Sixt Plat

Posts: 648

I'm getting the CAPTCHA too today. Agreed that it's likely a quick bandaid due to the recent reports of hacked accounts. I'd expect a better long term solution in the not too distant future (e.g. no more 4-digit PINs), but this is just an immediate fix.

Oct 8, 2014, 10:01 am

dave1013

Join Date: Feb 2005

Location: JNU

Programs: HH D, AS MM/MVPG for life/AL, Awesome Wipes VIP Club, NEXUS, Hertz 5-Star Gold

Posts: 2,893

Was able to log on to iPhone Hilton app just now without having to navigate the captcha gauntlet.

Oct 8, 2014, 10:59 am

skunker

Join Date: May 2006

Location: SAN

Programs: Lots of faux metal

Posts: 6,416

This might be a stupid question, but why don't people just use a password instead of a PIN? I've used a password every since signing up for HH.

Oct 8, 2014, 11:26 am

Abidjan

Join Date: May 2005

Location: Cote d'Ivoire

Programs: OW Emerald - HH Diamond

Posts: 3,414

Yes, indeed - seeing it too.

Oct 8, 2014, 11:54 am

#10

Points Scrounger

FlyerTalk Evangelist

Join Date: Aug 2001

Location: RSW

Programs: Delta - Silver; UA - Silver; HHonors - Diamond; IHG - Spire Ambassador; Marriott Bonvoy - Titanium

Posts: 14,185

I didn't mind that it was one simple three-digit number; I can't stand it when they ask for two, difficult to make out ones.

Oct 8, 2014, 12:02 pm

#11

fozziedoggie

Join Date: Sep 2011

Location: SFO/SMF

Programs: Holder of six "persona non-grata" awards

Posts: 1,914

Quote:

Originally Posted by skunker

This might be a stupid question, but why don't people just use a password instead of a PIN? I've used a password every since signing up for HH.

Because I believe you are forced to create a four-digit PIN even if you never want to use it. So a PIN or password will work.

The "bad guys" just figure out PIN's and don't bother with a password.

Oct 8, 2014, 1:50 pm

#12

Stripe

Join Date: Jun 2005

Location: AUS

Programs: AA Exec Platinum/MM, DL Gold/MM, Hilton Diamond, Accor Platinum, Hertz Presidents Circle

Posts: 6,961

Is Hilton insane? Do they simply want people to stop using their website? Is some sort of a bot automatically logging into Hilton accounts a realistic threat? What could they do even if they did get access?

I can't imagine a customer-facing company with a more incompetent IT department.

Oct 8, 2014, 2:06 pm

#13

sbams

Join Date: May 2012

Location: AMS

Programs: BA KL LH Hilton Marriott

Posts: 1,230

Personally I have no problem with a captcha. What I am curious about is whether the new log-in page will finally "Remember Me"

Oct 8, 2014, 2:26 pm

#14

Zeeb

Original Poster

Join Date: Jun 2013

Programs: DL Plat, Hilton Diamond, Marriott Plat, IHG Plat, Hertz Prez Circle, National Exec

Posts: 1,357

Quote:

Originally Posted by Stripe

http://www.flyertalk.com/forum/hilto...r-changed.html

Oct 8, 2014, 2:46 pm

#15

Yellowjj

Join Date: Sep 2013

Location: Paradise

Posts: 1,617

It's probably a temporary fix. My guess is they will remove pin based access soon enough.

Pins are simply too easy to crack compared to words...and most people choose the simplest pin of 0000 or 1234.

Reply Share

First
Prev
1 / 36
Next
Last

Forum Jump