Go Back  FlyerTalk Forums > Miles&Points > Hotels and Places to Stay > Hilton | Hilton Honors
Reload this Page >

Consolidated "CAPTCHA for logging in?" thread

Old Oct 22, 2014, 5:27 pm
FlyerTalk Forums Expert How-Tos and Guides
Last edit by: davie355
HHonors Sign In (if the link has disappeared)

https://secure3.hilton.com/en/hh/customer/login/index.htm
Print Wikipost

Consolidated "CAPTCHA for logging in?" thread

Old Oct 8, 2014, 9:13 am
  #1  
Original Poster
 
Join Date: Jun 2013
Programs: DL Plat, Hilton Diamond, Marriott Plat, IHG Plat, Hertz Prez Circle, National Exec
Posts: 1,357
Consolidated "CAPTCHA for logging in?" thread

Anybody else getting a CAPTCHA this morning trying to log in to HHonors? Of course, the website was still down afterword. But having the CAPCHA was a first for me. I'm totally okay with it though, since it makes it tougher to brute force passwords and login credentials.
jalves likes this.
Zeeb is offline  
Old Oct 8, 2014, 9:27 am
  #2  
 
Join Date: Aug 2008
Location: DUS
Programs: UA Gold, FB, Hilton Diamond, Marriott Gold
Posts: 134
Originally Posted by Zeeb
Anybody else getting a CAPTCHA this morning trying to log in to HHonors? Of course, the website was still down afterword. But having the CAPCHA was a first for me. I'm totally okay with it though, since it makes it tougher to brute force passwords and login credentials.
I noticed the same thing earlier today. It almost certainly has to do with the large number of reports of people having their HHonors account hacked, maybe this simply happened by an automatic system attempting to log in via the outdated and insecure 4 digit pincode system.
xandern is offline  
Old Oct 8, 2014, 9:48 am
  #3  
 
Join Date: Sep 2011
Location: SFO/SMF
Programs: Holder of six "persona non-grata" awards
Posts: 1,911
I think I would rather have the option of using a longer pass-code instead of having to type in a random generated word.
fozziedoggie is offline  
Old Oct 8, 2014, 9:58 am
  #4  
Moderator Hilton Honors, Travel News, West, The Suggestion Box, Smoking Lounge & DiningBuzz
 
Join Date: Jun 2000
Programs: Honors Diamond, Hertz Presidents Circle, National Exec Elite
Posts: 35,963
I couldn't even get the sign-in page at the HHonors site, but the Hampton Inn site let me log in and indeed has a captcha. Took three refreshes before I got one that I could actually read.
cblaisd is offline  
Old Oct 8, 2014, 10:00 am
  #5  
 
Join Date: Feb 2013
Location: DCA
Posts: 7,760
Oh my. This is truly awful. Hate these things.
arlflyer is offline  
Old Oct 8, 2014, 10:07 am
  #6  
 
Join Date: May 2010
Location: PHL
Programs: AA EXP, UA *S, Hilton Diamond, Marriott Titanium, Hyatt Exp, IHG Plat, National EE, Sixt Plat
Posts: 648
I'm getting the CAPTCHA too today. Agreed that it's likely a quick bandaid due to the recent reports of hacked accounts. I'd expect a better long term solution in the not too distant future (e.g. no more 4-digit PINs), but this is just an immediate fix.
sjpmurph01 is offline  
Old Oct 8, 2014, 11:01 am
  #7  
 
Join Date: Feb 2005
Location: JNU
Programs: HH D, AS MM/MVPG for life/AL, Awesome Wipes VIP Club, NEXUS, Hertz 5-Star Gold
Posts: 2,891
Was able to log on to iPhone Hilton app just now without having to navigate the captcha gauntlet.
dave1013 is offline  
Old Oct 8, 2014, 11:59 am
  #8  
 
Join Date: May 2006
Location: SAN
Programs: Lots of faux metal
Posts: 6,339
This might be a stupid question, but why don't people just use a password instead of a PIN? I've used a password every since signing up for HH.
skunker is offline  
Old Oct 8, 2014, 12:26 pm
  #9  
 
Join Date: May 2005
Location: Cote d'Ivoire
Programs: OW Emerald - HH Diamond
Posts: 3,394
Yes, indeed - seeing it too.
Abidjan is online now  
Old Oct 8, 2014, 12:54 pm
  #10  
FlyerTalk Evangelist
IHG Contributor BadgeMarriott Contributor Badge
 
Join Date: Aug 2001
Location: RSW
Programs: Delta - Silver; UA - Silver; HHonors - Diamond; IHG - Spire Ambassador; Marriott Bonvoy - Titanium
Posts: 14,182
I didn't mind that it was one simple three-digit number; I can't stand it when they ask for two, difficult to make out ones.
Points Scrounger is offline  
Old Oct 8, 2014, 1:02 pm
  #11  
 
Join Date: Sep 2011
Location: SFO/SMF
Programs: Holder of six "persona non-grata" awards
Posts: 1,911
Originally Posted by skunker
This might be a stupid question, but why don't people just use a password instead of a PIN? I've used a password every since signing up for HH.
Because I believe you are forced to create a four-digit PIN even if you never want to use it. So a PIN or password will work.

The "bad guys" just figure out PIN's and don't bother with a password.
fozziedoggie is offline  
Old Oct 8, 2014, 2:50 pm
  #12  
 
Join Date: Jun 2005
Location: AUS
Programs: AA Exec Platinum/MM, DL Silver/MM, Hilton Diamond, Accor Platinum, Hertz Presidents Circle
Posts: 6,904
Is Hilton insane? Do they simply want people to stop using their website? Is some sort of a bot automatically logging into Hilton accounts a realistic threat? What could they do even if they did get access?

I can't imagine a customer-facing company with a more incompetent IT department.
Stripe is offline  
Old Oct 8, 2014, 3:06 pm
  #13  
 
Join Date: May 2012
Location: AMS
Programs: BA KL LH Hilton Marriott
Posts: 1,218
Personally I have no problem with a captcha. What I am curious about is whether the new log-in page will finally "Remember Me"
sbams is offline  
Old Oct 8, 2014, 3:26 pm
  #14  
Original Poster
 
Join Date: Jun 2013
Programs: DL Plat, Hilton Diamond, Marriott Plat, IHG Plat, Hertz Prez Circle, National Exec
Posts: 1,357
Originally Posted by Stripe
Is Hilton insane? Do they simply want people to stop using their website? Is some sort of a bot automatically logging into Hilton accounts a realistic threat? What could they do even if they did get access
http://www.flyertalk.com/forum/hilto...r-changed.html
Zeeb is offline  
Old Oct 8, 2014, 3:46 pm
  #15  
 
Join Date: Sep 2013
Location: Paradise
Posts: 1,613
It's probably a temporary fix. My guess is they will remove pin based access soon enough.

Pins are simply too easy to crack compared to words...and most people choose the simplest pin of 0000 or 1234.
Yellowjj is offline  

Thread Tools
Search this Thread

Contact Us - Manage Preferences - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service -

This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.