Honors Login Update
#256
Join Date: Jan 2003
Posts: 3,782
Are you using Chrome browser? I found that using Chrome browser allows me to login just by checking the box without code. With Firefox, it still asked me for the code. It is probably because Google owns both Captcha and Chrome.
#258
Join Date: Jul 2013
Location: Gulf Coast
Programs: Hilton Honors Lifetime Diamond; National Car Rental Executive Elite
Posts: 2,302
Is this a case of Hilton IT thinking this is acceptable? Are they so out of touch that this is considered good performance?
1. Bonus points take 6-8 weeks to post. Every other travel entity I deal with posts points/credits/miles within 48 hours. Hilton even posts stay credits (nights, stays, and points) quickly. Even the 100k Diamond Bonus posted in 90 seconds!
2. I can log-in with the following combinations of credentials...Username and old PIN; Username and new password; HHonors# and PIN; and HHonors# and new password. How is this more secure?
3. No email was sent stating my password had been changed. Almost every other entity I deal with (banks, airlines, etc.) sends an email to the address on file saying "Your password has been changed. If this is not correct, please contact us immediately." I don't receive emails from Hilton anyways despite my address being on file and no emails in my spam/trash folders, but this is a basic security step that Hilton lacks.
4. Regardless of web browser, in January and February, I was able to log-in by just clicking the "I'm not a robot" box. Now, I'm back to Captchas.
Hilton IT is trending in the WRONG direction in both usability and security.
I understand Erin is the just the messenger, but do our concerns really make it back to corporate IT? Are they receptive? Are they utilizing current processes and technologies to ensure the security of our information and accounts?
1. Bonus points take 6-8 weeks to post. Every other travel entity I deal with posts points/credits/miles within 48 hours. Hilton even posts stay credits (nights, stays, and points) quickly. Even the 100k Diamond Bonus posted in 90 seconds!
2. I can log-in with the following combinations of credentials...Username and old PIN; Username and new password; HHonors# and PIN; and HHonors# and new password. How is this more secure?
3. No email was sent stating my password had been changed. Almost every other entity I deal with (banks, airlines, etc.) sends an email to the address on file saying "Your password has been changed. If this is not correct, please contact us immediately." I don't receive emails from Hilton anyways despite my address being on file and no emails in my spam/trash folders, but this is a basic security step that Hilton lacks.
4. Regardless of web browser, in January and February, I was able to log-in by just clicking the "I'm not a robot" box. Now, I'm back to Captchas.
Hilton IT is trending in the WRONG direction in both usability and security.
I understand Erin is the just the messenger, but do our concerns really make it back to corporate IT? Are they receptive? Are they utilizing current processes and technologies to ensure the security of our information and accounts?
#259
FlyerTalk Evangelist
Join Date: Mar 2014
Location: 4éme
Posts: 11,957
#260
Join Date: Jul 1999
Location: Land of 10,000 Upgrades
Posts: 9,465
And then this shows up in my inbox a few minutes ago with an .html attachment:
From: [email protected]
To: UpgradeMe
Subject: Hilton HHonors Security Update
Newsletter attached
To unsubscribe, send email to:
[email protected]
And I'm expected to open the .html attachment? Are they serious?
From: [email protected]
To: UpgradeMe
Subject: Hilton HHonors Security Update
Newsletter attached
To unsubscribe, send email to:
[email protected]
And I'm expected to open the .html attachment? Are they serious?
#261
Join Date: Nov 2009
Location: Austin
Programs: AA EXP +2MM- LT PLT! HH Diamond
Posts: 6,075
Change Password Alert on Hilton.com
Getting the following notice when I first get to the Hilton.com home page:
"HHonors Security Alert: Update your password now and earn 1,000 HHonors Bonus Points.
As of April 1, 2015, all members will be required to update their PIN, or current password, to a new and secure password. Update your password now by visiting the Personal Information section of your account profile."
Is everyone seeing this and getting the same alert?
"HHonors Security Alert: Update your password now and earn 1,000 HHonors Bonus Points.
As of April 1, 2015, all members will be required to update their PIN, or current password, to a new and secure password. Update your password now by visiting the Personal Information section of your account profile."
Is everyone seeing this and getting the same alert?
#262
Moderator: Hilton Honors forums
Join Date: Dec 2002
Location: Marietta, Georgia, United States
Posts: 24,989
And then this shows up in my inbox a few minutes ago with an .html attachment:
From: [email protected]
To: UpgradeMe
Subject: Hilton HHonors Security Update
Newsletter attached
To unsubscribe, send email to:
[email protected]
And I'm expected to open the .html attachment? Are they serious?
From: [email protected]
To: UpgradeMe
Subject: Hilton HHonors Security Update
Newsletter attached
To unsubscribe, send email to:
[email protected]
And I'm expected to open the .html attachment? Are they serious?
Is it possible that this could be “spam” from a third party attempting to capitalize on the security issues of the Hilton HHonors frequent guest loyalty program?
If I am suspicious of an e-mail message, what I will do is hover the cursor over links to see the actual URLs included to ensure that the e-mail message is legitimate...
#263
FlyerTalk Evangelist
Join Date: Jun 2003
Location: DEN
Programs: UA MM Plat; AA MM Gold; HHonors Diamond
Posts: 15,866
Boilerplate. I suspect that the points will post much sooner than that.
#265
Join Date: Aug 2009
Posts: 451
Getting the following notice when I first get to the Hilton.com home page:
"HHonors Security Alert: Update your password now and earn 1,000 HHonors Bonus Points.
As of April 1, 2015, all members will be required to update their PIN, or current password, to a new and secure password. Update your password now by visiting the Personal Information section of your account profile."
Is everyone seeing this and getting the same alert?
"HHonors Security Alert: Update your password now and earn 1,000 HHonors Bonus Points.
As of April 1, 2015, all members will be required to update their PIN, or current password, to a new and secure password. Update your password now by visiting the Personal Information section of your account profile."
Is everyone seeing this and getting the same alert?
#266
Join Date: Oct 2012
Posts: 24
With my points expiring early April, it's worth $10 to me that they do! Either way, it stinks of an inability to automate anything when other programs would post them instantly, and it stinks of a manual sweep after the promo.
#267
Join Date: Nov 2013
Location: HEL
Programs: AY, SK, TK
Posts: 7,581
This looks like an IHG IT project. I have changed my password a few times within the last days, but it keeps asking me to change it and only accepts my old password.
#268
Join Date: Mar 2009
Location: TRI/WAS/CLT
Programs: HH Diamond, Marriott Gold,Hyatt Diamond
Posts: 351
And then this shows up in my inbox a few minutes ago with an .html attachment:
From: [email protected]
To: UpgradeMe
Subject: Hilton HHonors Security Update
Newsletter attached
To unsubscribe, send email to:
[email protected]
And I'm expected to open the .html attachment? Are they serious?
From: [email protected]
To: UpgradeMe
Subject: Hilton HHonors Security Update
Newsletter attached
To unsubscribe, send email to:
[email protected]
And I'm expected to open the .html attachment? Are they serious?
#269
Join Date: Nov 2004
Location: PDX
Programs: AA LT PLT (3.6+ MM), UA 1K LT Gold, Hilton LT Diamond, Bonvoy Gold.
Posts: 1,655
Is this a case of Hilton IT thinking this is acceptable? Are they so out of touch that this is considered good performance?
1. Bonus points take 6-8 weeks to post. Every other travel entity I deal with posts points/credits/miles within 48 hours. Hilton even posts stay credits (nights, stays, and points) quickly. Even the 100k Diamond Bonus posted in 90 seconds!
2. I can log-in with the following combinations of credentials...Username and old PIN; Username and new password; HHonors# and PIN; and HHonors# and new password. How is this more secure?
3. No email was sent stating my password had been changed. Almost every other entity I deal with (banks, airlines, etc.) sends an email to the address on file saying "Your password has been changed. If this is not correct, please contact us immediately." I don't receive emails from Hilton anyways despite my address being on file and no emails in my spam/trash folders, but this is a basic security step that Hilton lacks.
4. Regardless of web browser, in January and February, I was able to log-in by just clicking the "I'm not a robot" box. Now, I'm back to Captchas.
Hilton IT is trending in the WRONG direction in both usability and security.
I understand Erin is the just the messenger, but do our concerns really make it back to corporate IT? Are they receptive? Are they utilizing current processes and technologies to ensure the security of our information and accounts?
1. Bonus points take 6-8 weeks to post. Every other travel entity I deal with posts points/credits/miles within 48 hours. Hilton even posts stay credits (nights, stays, and points) quickly. Even the 100k Diamond Bonus posted in 90 seconds!
2. I can log-in with the following combinations of credentials...Username and old PIN; Username and new password; HHonors# and PIN; and HHonors# and new password. How is this more secure?
3. No email was sent stating my password had been changed. Almost every other entity I deal with (banks, airlines, etc.) sends an email to the address on file saying "Your password has been changed. If this is not correct, please contact us immediately." I don't receive emails from Hilton anyways despite my address being on file and no emails in my spam/trash folders, but this is a basic security step that Hilton lacks.
4. Regardless of web browser, in January and February, I was able to log-in by just clicking the "I'm not a robot" box. Now, I'm back to Captchas.
Hilton IT is trending in the WRONG direction in both usability and security.
I understand Erin is the just the messenger, but do our concerns really make it back to corporate IT? Are they receptive? Are they utilizing current processes and technologies to ensure the security of our information and accounts?
I am in exactly the same boat with one additional added 'feature'. I have not been able to login to the complimentary WIFI at 3 different hotels last week. I get an incorrect ID or password error. Hilton IT no 'helpdesk' are busy picking fluff out of their navel and contemplating itching their privates. They promised to call me back sometime in the next millennium.
#270
Join Date: Apr 2013
Location: Lehigh Valley, Pennsylvania
Programs: Milege+, SkyMiles, AAdvantage, HHonors Diamond, Marriott Gold
Posts: 1,684
+1.
I am in exactly the same boat with one additional added 'feature'. I have not been able to login to the complimentary WIFI at 3 different hotels last week. I get an incorrect ID or password error. Hilton IT no 'helpdesk' are busy picking fluff out of their navel and contemplating itching their privates.
I am in exactly the same boat with one additional added 'feature'. I have not been able to login to the complimentary WIFI at 3 different hotels last week. I get an incorrect ID or password error. Hilton IT no 'helpdesk' are busy picking fluff out of their navel and contemplating itching their privates.