Go Back  FlyerTalk Forums > Miles&Points > Hotels and Places to Stay > Hilton | Hilton Honors
Reload this Page >

Consolidated "CAPTCHA for logging in?" thread

Consolidated "CAPTCHA for logging in?" thread

    Hide Wikipost
Old May 22, 22, 6:31 am   -   Wikipost
Please read: This is a community-maintained wiki post containing the most important information from this thread. You may edit the Wiki once you have been on FT for 90 days and have made 90 posts.
 
Last edit by: davie355
Wiki Link
HHonors Sign In (if the link has disappeared)

https://secure3.hilton.com/en/hh/cus...ogin/index.htm
Print Wikipost

Old Oct 8, 14, 8:13 am
  #1  
Original Poster
 
Join Date: Jun 2013
Programs: DL Plat, Hilton Diamond, Marriott Plat, IHG Plat, Hertz Prez Circle, National Exec
Posts: 1,320
Consolidated "CAPTCHA for logging in?" thread

Anybody else getting a CAPTCHA this morning trying to log in to HHonors? Of course, the website was still down afterword. But having the CAPCHA was a first for me. I'm totally okay with it though, since it makes it tougher to brute force passwords and login credentials.
jalves likes this.
Zeeb is offline  
Old Oct 8, 14, 8:27 am
  #2  
 
Join Date: Aug 2008
Location: DUS
Programs: UA Gold, FB, Hilton Diamond, Marriott Gold
Posts: 132
Originally Posted by Zeeb View Post
Anybody else getting a CAPTCHA this morning trying to log in to HHonors? Of course, the website was still down afterword. But having the CAPCHA was a first for me. I'm totally okay with it though, since it makes it tougher to brute force passwords and login credentials.
I noticed the same thing earlier today. It almost certainly has to do with the large number of reports of people having their HHonors account hacked, maybe this simply happened by an automatic system attempting to log in via the outdated and insecure 4 digit pincode system.
xandern is offline  
Old Oct 8, 14, 8:48 am
  #3  
 
Join Date: Sep 2011
Location: SFO/SMF
Programs: Holder of six "persona non-grata" awards
Posts: 1,904
I think I would rather have the option of using a longer pass-code instead of having to type in a random generated word.
fozziedoggie is offline  
Old Oct 8, 14, 8:58 am
  #4  
Moderator Hilton Honors, Travel News, West, The Suggestion Box, Smoking Lounge & DiningBuzz
 
Join Date: Jun 2000
Programs: AS MVP Gold, Honors Diamond, Hertz Presidents Circle, National Exec Elite
Posts: 35,232
I couldn't even get the sign-in page at the HHonors site, but the Hampton Inn site let me log in and indeed has a captcha. Took three refreshes before I got one that I could actually read.
cblaisd is offline  
Old Oct 8, 14, 9:00 am
  #5  
 
Join Date: Feb 2013
Location: DCA
Posts: 7,283
Oh my. This is truly awful. Hate these things.
arlflyer is offline  
Old Oct 8, 14, 9:07 am
  #6  
 
Join Date: May 2010
Location: PHL
Programs: AA EXP, UA *S, Hilton Diamond, Marriott Titanium, Hyatt Exp, IHG Plat, National EE, Sixt Plat
Posts: 640
I'm getting the CAPTCHA too today. Agreed that it's likely a quick bandaid due to the recent reports of hacked accounts. I'd expect a better long term solution in the not too distant future (e.g. no more 4-digit PINs), but this is just an immediate fix.
sjpmurph01 is offline  
Old Oct 8, 14, 10:01 am
  #7  
 
Join Date: Feb 2005
Location: JNU
Programs: HH D, AS MM/MVPG for life/AL, Awesome Wipes VIP Club, NEXUS, Hertz 5-Star Gold
Posts: 2,866
Was able to log on to iPhone Hilton app just now without having to navigate the captcha gauntlet.
dave1013 is offline  
Old Oct 8, 14, 10:59 am
  #8  
 
Join Date: May 2006
Location: SAN
Programs: Lots of faux metal
Posts: 5,805
This might be a stupid question, but why don't people just use a password instead of a PIN? I've used a password every since signing up for HH.
skunker is offline  
Old Oct 8, 14, 11:26 am
  #9  
 
Join Date: May 2005
Location: Cote d'Ivoire
Programs: OW Emerald - HH Diamond
Posts: 3,275
Yes, indeed - seeing it too.
Abidjan is offline  
Old Oct 8, 14, 11:54 am
  #10  
FlyerTalk Evangelist
IHG Contributor BadgeMarriott Contributor Badge
 
Join Date: Aug 2001
Location: RSW
Programs: Delta - Silver; UA - Silver; HHonors - Diamond; IHG - Spire Ambassador; Marriott Bonvoy - Titanium
Posts: 14,001
I didn't mind that it was one simple three-digit number; I can't stand it when they ask for two, difficult to make out ones.
Points Scrounger is offline  
Old Oct 8, 14, 12:02 pm
  #11  
 
Join Date: Sep 2011
Location: SFO/SMF
Programs: Holder of six "persona non-grata" awards
Posts: 1,904
Originally Posted by skunker View Post
This might be a stupid question, but why don't people just use a password instead of a PIN? I've used a password every since signing up for HH.
Because I believe you are forced to create a four-digit PIN even if you never want to use it. So a PIN or password will work.

The "bad guys" just figure out PIN's and don't bother with a password.
fozziedoggie is offline  
Old Oct 8, 14, 1:50 pm
  #12  
 
Join Date: Jun 2005
Location: AUS
Programs: AA Exec Platinum/MM, DL Silver/MM, Hilton Diamond, Hertz 5* Gold
Posts: 6,447
Is Hilton insane? Do they simply want people to stop using their website? Is some sort of a bot automatically logging into Hilton accounts a realistic threat? What could they do even if they did get access?

I can't imagine a customer-facing company with a more incompetent IT department.
Stripe is offline  
Old Oct 8, 14, 2:06 pm
  #13  
 
Join Date: May 2012
Location: AMS
Programs: BA KL LH Hilton Marriott
Posts: 1,113
Personally I have no problem with a captcha. What I am curious about is whether the new log-in page will finally "Remember Me"
sbams is offline  
Old Oct 8, 14, 2:26 pm
  #14  
Original Poster
 
Join Date: Jun 2013
Programs: DL Plat, Hilton Diamond, Marriott Plat, IHG Plat, Hertz Prez Circle, National Exec
Posts: 1,320
Originally Posted by Stripe View Post
Is Hilton insane? Do they simply want people to stop using their website? Is some sort of a bot automatically logging into Hilton accounts a realistic threat? What could they do even if they did get access
http://www.flyertalk.com/forum/hilto...r-changed.html
Zeeb is offline  
Old Oct 8, 14, 2:46 pm
  #15  
 
Join Date: Sep 2013
Location: Paradise
Posts: 1,486
It's probably a temporary fix. My guess is they will remove pin based access soon enough.

Pins are simply too easy to crack compared to words...and most people choose the simplest pin of 0000 or 1234.
Yellowjj is offline  

Thread Tools
Search this Thread