Oct 22, 2014, 4:27 pm

FlyerTalk Forums Expert How-Tos and Guides

Last edit by: davie355

HHonors Sign In (if the link has disappeared)

https://secure3.hilton.com/en/hh/customer/login/index.htm

Consolidated "CAPTCHA for logging in?" thread

Reply Subscribe

Thread Tools

Search this Thread

Oct 8, 2014 | 8:13 am

Zeeb

Original Poster

Join Date: Jun 2013

Programs: AA Plat Pro, ex DL Plat, Hilton Diamond, Marriott Plat, IHG Plat

Posts: 1,448

Consolidated "CAPTCHA for logging in?" thread

Anybody else getting a CAPTCHA this morning trying to log in to HHonors? Of course, the website was still down afterword. But having the CAPCHA was a first for me. I'm totally okay with it though, since it makes it tougher to brute force passwords and login credentials.

jalves likes this.

Oct 8, 2014 | 8:27 am

xandern

Join Date: Aug 2008

Location: DUS

Programs: UA Gold, FB, Hilton Diamond, Marriott Gold

Posts: 138

Quote:

Originally Posted by Zeeb

I noticed the same thing earlier today. It almost certainly has to do with the large number of reports of people having their HHonors account hacked, maybe this simply happened by an automatic system attempting to log in via the outdated and insecure 4 digit pincode system.

Oct 8, 2014 | 8:48 am

fozziedoggie

Join Date: Sep 2011

Location: SFO/SMF

Programs: Holder of six "persona non-grata" awards

Posts: 1,920

I think I would rather have the option of using a longer pass-code instead of having to type in a random generated word.

Oct 8, 2014 | 8:58 am

cblaisd

In Memoriam

Join Date: Jun 2000

Programs: Honors Diamond, Hertz Presidents Circle, National Exec Elite

Posts: 36,111

I couldn't even get the sign-in page at the HHonors site, but the Hampton Inn site let me log in and indeed has a captcha. Took three refreshes before I got one that I could actually read.

Oct 8, 2014 | 9:00 am

arlflyer

Join Date: Feb 2013

Location: DCA

Posts: 7,777

Oh my. This is truly awful. Hate these things.

Oct 8, 2014 | 9:07 am

sjpmurph01

Join Date: May 2010

Location: PHL

Programs: AA EXP, UA *S, Hilton Diamond, Marriott Titanium, Hyatt Exp, IHG Plat, National EE, Sixt Plat

Posts: 654

I'm getting the CAPTCHA too today. Agreed that it's likely a quick bandaid due to the recent reports of hacked accounts. I'd expect a better long term solution in the not too distant future (e.g. no more 4-digit PINs), but this is just an immediate fix.

Oct 8, 2014 | 10:01 am

dave1013

Join Date: Feb 2005

Location: JNU

Programs: HH D, AS Titanium/MM, Awesome Wipes VIP Club, NEXUS, OptumRx Hall of Fame, FAA retiree Class of 2009

Posts: 2,913

Was able to log on to iPhone Hilton app just now without having to navigate the captcha gauntlet.

Oct 8, 2014 | 10:59 am

skunker

Join Date: May 2006

Location: SAN

Programs: Lots of faux metal

Posts: 7,025

This might be a stupid question, but why don't people just use a password instead of a PIN? I've used a password every since signing up for HH.

Oct 8, 2014 | 11:26 am

Abidjan

Join Date: May 2005

Location: Global

Programs: BA Gold - HH Diamond

Posts: 3,542

Yes, indeed - seeing it too.

Oct 8, 2014 | 11:54 am

#10

Points Scrounger

FlyerTalk Evangelist

Join Date: Aug 2001

Location: RSW

Programs: HHonors - Diamond; IHG - Diamond; Marriott Bonvoy - Platinum

Posts: 14,289

I didn't mind that it was one simple three-digit number; I can't stand it when they ask for two, difficult to make out ones.

Oct 8, 2014 | 12:02 pm

#11

fozziedoggie

Join Date: Sep 2011

Location: SFO/SMF

Programs: Holder of six "persona non-grata" awards

Posts: 1,920

Quote:

Originally Posted by skunker

This might be a stupid question, but why don't people just use a password instead of a PIN? I've used a password every since signing up for HH.

Because I believe you are forced to create a four-digit PIN even if you never want to use it. So a PIN or password will work.

The "bad guys" just figure out PIN's and don't bother with a password.

Oct 8, 2014 | 1:50 pm

#12

Stripe

Join Date: Jun 2005

Location: AUS

Programs: AA Exec Platinum/MM, DL Gold/MM, Hilton Diamond, Accor Gold, Hertz Five Star

Posts: 7,496

Is Hilton insane? Do they simply want people to stop using their website? Is some sort of a bot automatically logging into Hilton accounts a realistic threat? What could they do even if they did get access?

I can't imagine a customer-facing company with a more incompetent IT department.

Oct 8, 2014 | 2:06 pm

#13

sbams

Join Date: May 2012

Location: AMS

Programs: BA, KL PFL, LH *G, Hilton LTD, Bonvoy T

Posts: 1,369

Personally I have no problem with a captcha. What I am curious about is whether the new log-in page will finally "Remember Me"

Oct 8, 2014 | 2:26 pm

#14

Zeeb

Original Poster

Join Date: Jun 2013

Programs: AA Plat Pro, ex DL Plat, Hilton Diamond, Marriott Plat, IHG Plat

Posts: 1,448

Quote:

Originally Posted by Stripe

http://www.flyertalk.com/forum/hilto...r-changed.html

Oct 8, 2014 | 2:46 pm

#15

Yellowjj

Join Date: Sep 2013

Location: Paradise

Posts: 1,696

It's probably a temporary fix. My guess is they will remove pin based access soon enough.

Pins are simply too easy to crack compared to words...and most people choose the simplest pin of 0000 or 1234.

Reply Share

First
Prev
1 / 36
Next
Last

Forum Jump