New Marriott Security Measures
 

There has been a large response to the account security email that was sent yesterday. Those of you who mentioned that it was valid are correct (see threads here and here). Account security is more important than ever. In the coming weeks, Marriott will be adding enhanced security features to further protect your account. Taking this one extra step now to update your profile information makes your account even more secure, and will help prevent unauthorized access.

These changes will also help prevent my access. If Marriott thinks that I will be doing 2-step authorization to make a hotel reservation, they are mistaken.

++1

Yes, this is going to suck and be an overreaction. I bet it's limited to redemptions and predict it won't be smooth or easy - just burdensome like trying to log into some banks from an "unrecognized" computer...

You're already indignantly objecting before you know how any changes will be executed. My guess is that two-factor authentication will be required for award redemptions, points transfers, profile changes, etc., but not for routine transactions. That's a pretty standard 2FA implementation for e-commerce.

Whatever the changes, I'll reserve judgment until after the facts are known.

+2
 

+2

Damn those web based MBA consultants who work for Mrt, they know how to run the meter !

So does anyone else think it's funny that both of the links marriottconciege provided links back to the 2 on flyertalk? :rolleyes:

Cheers

Not too long ago my company moved toward 2-factor authentication for many applications. Yes, it's a bit of a rigamarole, but certainly preferable to getting hacked and having to deal with the consequences of a total stranger enjoying the fruits of your labor. ;)

Something to consider for the future: Account security is indeed important which is why I'm not going to click on a link in an email asking me to update or verify account info. I was immediately suspicious of the email Marriott sent me because it asked me to click on a link. If Marriott is serious about account security then send me an email asking me to go to the Marriott website on my own and verify/update whatever info is required. Encouraging people to click on links in emails is not indicative of concern regarding security. Just my two cents.

Maybe Marriott should have a zero-liability opt-in. You can use the non-secure single authentication if you want, but you agree to hold Marriott harmless from any liability for a hack.

The people kvetching here will be the first to rant when they lose something.

So basically Marriott is asking you to provide a phone number and email to get ready for their new authentication. Presumably if you already have that and you'r e happy with it there should be no problem.

Fwiw - I thought Marriott was going to ask for a stronger password. If hackers can already access my account, they'd already have my email and phone number.

Cheers

Didn't they already increase the minimum password length a year or so ago? I remember having to go from 6 to 8 characters.

Anyway, by using password alone, Marriott seems light year ahead of IHG Club which still uses only PIN, UA which allows only PIN despite also having passwords, and even Hilton which just dropped PIN only a couple a months ago. An 8-character password (with some rules about how it must be formed) seems light-years ahead of a numeric-only 4-digit PIN!

That was my thought exactly when I got the email. I did not click a link - I went into my account to check / update. Terrible security to ask people to click an email link.

The horror of a possible extra 10-15 seconds to complete an award reservation.

I believe Marriott is at least 8 characters and has to have at least one number and one upper case letter the last time I changed it. May be misremembering that but it was about a month ago.