New Marriott Security Measures

 
Old Jul 15, 15, 1:47 pm
  #1  
Company Representative - Marriott Concierge
Original Poster
 
Join Date: Aug 2003
Location: Salt Lake City, UT
Posts: 1,083
New Marriott Security Measures

There has been a large response to the account security email that was sent yesterday. Those of you who mentioned that it was valid are correct (see threads here and here). Account security is more important than ever. In the coming weeks, Marriott will be adding enhanced security features to further protect your account. Taking this one extra step now to update your profile information makes your account even more secure, and will help prevent unauthorized access.
Marriott Concierge is offline  
Old Jul 15, 15, 3:19 pm
  #2  
 
Join Date: Oct 2005
Location: ORD, MDW or MKE
Programs: No change fees keep me tied to WN. Hilton and Choice hotels primarily.
Posts: 6,188
Originally Posted by Marriott Concierge View Post
Taking this one extra step now to update your profile information makes your account even more secure, and will help prevent unauthorized access.
These changes will also help prevent my access. If Marriott thinks that I will be doing 2-step authorization to make a hotel reservation, they are mistaken.
lougord99 is offline  
Old Jul 15, 15, 3:33 pm
  #3  
 
Join Date: Oct 2000
Programs: DL DM 2MM, AA Gold MM, Hilton LTD, Marriott LTP, Hertz PC
Posts: 639
Originally Posted by lougord99 View Post
These changes will also help prevent my access. If Marriott thinks that I will be doing 2-step authorization to make a hotel reservation, they are mistaken.
++1
den1k is offline  
Old Jul 15, 15, 4:16 pm
  #4  
 
Join Date: Oct 2001
Programs: LTP, PP
Posts: 7,991
Originally Posted by lougord99 View Post
These changes will also help prevent my access. If Marriott thinks that I will be doing 2-step authorization to make a hotel reservation, they are mistaken.
Yes, this is going to suck and be an overreaction. I bet it's limited to redemptions and predict it won't be smooth or easy - just burdensome like trying to log into some banks from an "unrecognized" computer...
joshua362 is offline  
Old Jul 15, 15, 4:25 pm
  #5  
Moderator: Alaska Mileage Plan
 
Join Date: Feb 2005
Posts: 10,430
Originally Posted by lougord99 View Post
These changes will also help prevent my access. If Marriott thinks that I will be doing 2-step authorization to make a hotel reservation, they are mistaken.
You're already indignantly objecting before you know how any changes will be executed. My guess is that two-factor authentication will be required for award redemptions, points transfers, profile changes, etc., but not for routine transactions. That's a pretty standard 2FA implementation for e-commerce.

Whatever the changes, I'll reserve judgment until after the facts are known.
dayone is offline  
Old Jul 15, 15, 5:34 pm
  #6  
 
Join Date: Dec 2009
Location: PEK & MKE
Programs: Amex-gold, Hainan-gold, Mrt-LT Titanium
Posts: 1,212
+2

Originally Posted by den1k View Post
++1
+2

Damn those web based MBA consultants who work for Mrt, they know how to run the meter !
Jiatong is offline  
Old Jul 15, 15, 6:23 pm
  #7  
A FlyerTalk Posting Legend
 
Join Date: Aug 2002
Programs: UALifetimePremierGold, Marriott LifetimeTitanium
Posts: 68,487
So does anyone else think it's funny that both of the links marriottconciege provided links back to the 2 on flyertalk?

Cheers

Last edited by SkiAdcock; Jul 15, 15 at 7:25 pm
SkiAdcock is offline  
Old Jul 15, 15, 6:41 pm
  #8  
 
Join Date: Mar 2003
Location: Los Angeles, CA
Programs: UA 1K 1MMer & LT UC (when flying UA); Hyatt Credit Cardist; HHonors Gold; Marriott Gold via UA 1K
Posts: 6,605
Not too long ago my company moved toward 2-factor authentication for many applications. Yes, it's a bit of a rigamarole, but certainly preferable to getting hacked and having to deal with the consequences of a total stranger enjoying the fruits of your labor.
SS255 is offline  
Old Jul 15, 15, 6:59 pm
  #9  
 
Join Date: Oct 2000
Location: Seattle WA, USA
Programs: Hilton Diamond, Marriott Plat, AS MVPG&AL, others no status
Posts: 3,437
Originally Posted by Marriott Concierge View Post
...Account security is more important than ever. In the coming weeks, Marriott will be adding enhanced security features to further protect your account. Taking this one extra step now to update your profile information makes your account even more secure, and will help prevent unauthorized access.
Something to consider for the future: Account security is indeed important which is why I'm not going to click on a link in an email asking me to update or verify account info. I was immediately suspicious of the email Marriott sent me because it asked me to click on a link. If Marriott is serious about account security then send me an email asking me to go to the Marriott website on my own and verify/update whatever info is required. Encouraging people to click on links in emails is not indicative of concern regarding security. Just my two cents.
Westcoaster is offline  
Old Jul 15, 15, 7:15 pm
  #10  
A FlyerTalk Posting Legend
 
Join Date: Aug 2010
Location: DCA
Programs: UA US CO AA DL FL
Posts: 50,103
Maybe Marriott should have a zero-liability opt-in. You can use the non-secure single authentication if you want, but you agree to hold Marriott harmless from any liability for a hack.

The people kvetching here will be the first to rant when they lose something.
Often1 is offline  
Old Jul 15, 15, 7:35 pm
  #11  
A FlyerTalk Posting Legend
 
Join Date: Aug 2002
Programs: UALifetimePremierGold, Marriott LifetimeTitanium
Posts: 68,487
So basically Marriott is asking you to provide a phone number and email to get ready for their new authentication. Presumably if you already have that and you'r e happy with it there should be no problem.

Fwiw - I thought Marriott was going to ask for a stronger password. If hackers can already access my account, they'd already have my email and phone number.

Cheers
SkiAdcock is offline  
Old Jul 15, 15, 8:49 pm
  #12  
FlyerTalk Evangelist
 
Join Date: Jan 2005
Location: home = LAX
Posts: 25,133
Originally Posted by SkiAdcock View Post
So basically Marriott is asking you to provide a phone number and email to get ready for their new authentication. Presumably if you already have that and you'r e happy with it there should be no problem.

Fwiw - I thought Marriott was going to ask for a stronger password. If hackers can already access my account, they'd already have my email and phone number.

Cheers
Didn't they already increase the minimum password length a year or so ago? I remember having to go from 6 to 8 characters.

Anyway, by using password alone, Marriott seems light year ahead of IHG Club which still uses only PIN, UA which allows only PIN despite also having passwords, and even Hilton which just dropped PIN only a couple a months ago. An 8-character password (with some rules about how it must be formed) seems light-years ahead of a numeric-only 4-digit PIN!
sdsearch is online now  
Old Jul 16, 15, 6:07 am
  #13  
 
Join Date: Sep 2001
Location: Connecticut
Programs: AA LT plat; Marriott LT plat; Hilton Gold
Posts: 282
Originally Posted by Westcoaster View Post
Something to consider for the future: Account security is indeed important which is why I'm not going to click on a link in an email asking me to update or verify account info. I was immediately suspicious of the email Marriott sent me because it asked me to click on a link. If Marriott is serious about account security then send me an email asking me to go to the Marriott website on my own and verify/update whatever info is required. Encouraging people to click on links in emails is not indicative of concern regarding security. Just my two cents.
That was my thought exactly when I got the email. I did not click a link - I went into my account to check / update. Terrible security to ask people to click an email link.
dougef is offline  
Old Jul 16, 15, 7:10 am
  #14  
 
Join Date: Apr 2011
Location: Treasure Coast, FL
Programs: DL Diamond, Marriott LT Plat, HH Diamond, Avis Preferred Plus, National Executive
Posts: 4,548
Originally Posted by lougord99 View Post
These changes will also help prevent my access. If Marriott thinks that I will be doing 2-step authorization to make a hotel reservation, they are mistaken.
The horror of a possible extra 10-15 seconds to complete an award reservation.
apodo77 is offline  
Old Jul 16, 15, 7:15 am
  #15  
 
Join Date: Apr 2011
Location: Treasure Coast, FL
Programs: DL Diamond, Marriott LT Plat, HH Diamond, Avis Preferred Plus, National Executive
Posts: 4,548
Originally Posted by sdsearch View Post
Didn't they already increase the minimum password length a year or so ago? I remember having to go from 6 to 8 characters.

Anyway, by using password alone, Marriott seems light year ahead of IHG Club which still uses only PIN, UA which allows only PIN despite also having passwords, and even Hilton which just dropped PIN only a couple a months ago. An 8-character password (with some rules about how it must be formed) seems light-years ahead of a numeric-only 4-digit PIN!
I believe Marriott is at least 8 characters and has to have at least one number and one upper case letter the last time I changed it. May be misremembering that but it was about a month ago.
apodo77 is offline  

Thread Tools
Search this Thread
Search Engine: