Consolidated "CAPTCHA for logging in?" thread
 

Anybody else getting a CAPTCHA this morning trying to log in to HHonors? Of course, the website was still down afterword. But having the CAPCHA was a first for me. I'm totally okay with it though, since it makes it tougher to brute force passwords and login credentials.

I noticed the same thing earlier today. It almost certainly has to do with the large number of reports of people having their HHonors account hacked, maybe this simply happened by an automatic system attempting to log in via the outdated and insecure 4 digit pincode system.

I think I would rather have the option of using a longer pass-code instead of having to type in a random generated word.

I couldn't even get the sign-in page at the HHonors site, but the Hampton Inn site let me log in and indeed has a captcha. Took three refreshes before I got one that I could actually read.

Oh my. This is truly awful. Hate these things.

I'm getting the CAPTCHA too today. Agreed that it's likely a quick bandaid due to the recent reports of hacked accounts. I'd expect a better long term solution in the not too distant future (e.g. no more 4-digit PINs), but this is just an immediate fix.

Was able to log on to iPhone Hilton app just now without having to navigate the captcha gauntlet.

This might be a stupid question, but why don't people just use a password instead of a PIN? I've used a password every since signing up for HH.

Yes, indeed - seeing it too.

I didn't mind that it was one simple three-digit number; I can't stand it when they ask for two, difficult to make out ones.

Because I believe you are forced to create a four-digit PIN even if you never want to use it. So a PIN or password will work. :td:

The "bad guys" just figure out PIN's and don't bother with a password.

Is Hilton insane? Do they simply want people to stop using their website? Is some sort of a bot automatically logging into Hilton accounts a realistic threat? What could they do even if they did get access?

I can't imagine a customer-facing company with a more incompetent IT department.

Personally I have no problem with a captcha. What I am curious about is whether the new log-in page will finally "Remember Me"

It's probably a temporary fix. My guess is they will remove pin based access soon enough.

Pins are simply too easy to crack compared to words...and most people choose the simplest pin of 0000 or 1234.