FlyerTalk Forums - View Single Post - Consolidated "CAPTCHA for logging in?" thread
Oct 11, 2014, 9:32 pm
  #53  
Globalist
 
Join Date: Jan 2009
Location: Singapore
Programs: HHonors Diamond; A3 *Nothing ; BA Exec. Club Gold
Posts: 1,690
Originally Posted by jtuttle
reCaptcha is a "BOT" defense to be used on user sign-up pages to keep "BOTS" from signing up to spam the site. The use of reCaptcha on a LOGIN page will only slightly slow the hacker down. Getting rid of all pins and using passwords will not put a major disturbance in the customer's experience on the HHonors site. As for me, the disruption caused by the reCaptcha on the login page of HHonors is a deal breaker. I and my 270 days a year account will have to find another chain, if reCaptcha is not gone from the login page in a week. If the Hilton IT team thinks that reCaptcha stops hackers then my credit card info is in the wrong hands.
The hyperbole is strong in this one.

A significant number of accounts were hacked and huge numbers of points and data were taken. I am happy that HH acted relatively quickly and added what I assume is a temporary security step.

A key 3rd step is to block accounts for an hour if 3 false attempts were made to log in and to trigger an automatic email to the account owner. This will make sure that besides bots also the sweatshop kids won't be able to try 9999 times to get access.

Going forward the membership number with PIN login type should be abandoned. At least a user name with password is a lot less structured and a simple systematic trying of 4 numbers won't work. Still keep the notification when password failures occur.

Globalist
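
Added example, not part of the original post and not Hilton's code: a sketch of the policy the post proposes (block an account for an hour after 3 failed logins and notify the owner), plus the worst-case time that policy imposes on covering a 4-digit PIN space. The names `LoginGuard` and `hours_to_cover` are hypothetical, the notification list stands in for a real mail hook, and the 10,000-value PIN space (0000 to 9999) is an assumption based on the "4 numbers" in the post.

```python
from dataclasses import dataclass, field

MAX_FAILURES = 3      # failed attempts allowed before the block (from the post)
LOCK_SECONDS = 3600   # one-hour block (from the post)


@dataclass
class LoginGuard:
    """Per-account failure counter with a timed block and owner notification."""
    failures: dict = field(default_factory=dict)      # account -> failures so far
    locked_until: dict = field(default_factory=dict)  # account -> unlock time (s)
    notices: list = field(default_factory=list)       # stand-in for the e-mail queue

    def attempt(self, account, credential_ok, now):
        """Return 'ok', 'fail' or 'locked' for one login attempt at time `now`."""
        if now < self.locked_until.get(account, 0):
            # While blocked, even a correct credential is refused.
            return "locked"
        if credential_ok:
            self.failures.pop(account, None)
            return "ok"
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        if count >= MAX_FAILURES:
            self.locked_until[account] = now + LOCK_SECONDS
            self.failures[account] = 0
            self.notices.append((account, now))  # hypothetical mail hook
        return "fail"


def hours_to_cover(space_size):
    """Worst-case hours spent blocked while trying every value in the space."""
    rounds = -(-space_size // MAX_FAILURES)  # ceiling division: 3 tries per round
    return (rounds - 1) * LOCK_SECONDS / 3600


if __name__ == "__main__":
    guard = LoginGuard()
    # Constructed sample: three wrong PINs, then the right one during the block.
    for t, ok in [(0, False), (1, False), (2, False), (3, True)]:
        print(t, guard.attempt("member-123", ok, t))
    print("owner notified:", guard.notices)
    print("hours to cover 10,000 PINs:", hours_to_cover(10_000))
```

Under these assumptions, covering all 10,000 PINs for one account takes 3,333 hours of blocks (about 139 days), and the owner receives a notification at every block along the way.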