Hilton HHonors Increases Account Security

If you’ve tried to log into your Hilton HHonors account since yesterday, you may have noticed that it now has a CAPTCHA (which I just learned stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”) when trying to log in.

Why does Hilton’s CAPTCHA matter?

The main reason this matters is that you can no longer use an automated service to check your Hilton HHonors balance. For example, you can’t use AwardWallet to automatically access your HHonors account anymore. Instead, if you try to log in through AwardWallet, it will redirect you to the Hilton HHonors page and pre-fill your details, but you’ll have to complete the CAPTCHA.

Why did Hilton add a CAPTCHA?

So, did Hilton add this because they don’t want you checking your points balances through an automated service? They wouldn’t be the first loyalty program to do so. For example, Delta, Southwest, and United have all at one point told AwardWallet to stop displaying their data.

I don’t think that’s the cause here, though. I do genuinely believe it’s for the security of members’ accounts. There have been quite a few instances of account hacking lately, so I think that’s the reason for this new “feature.”

Hilton is one of the few hotel programs to still have a four-digit PIN-based system for accessing accounts as opposed to a password, and those are quite easy to hack.

I’d be willing to bet they’ll be changing the PIN-based system eventually, and instead allow members to use passwords to access their HHonors accounts. Hopefully the CAPTCHA is just a temporary solution, and disappears if/when they make this change.

Bottom line

Ultimately this isn’t a big deal, but in case you try to log into your HHonors account with AwardWallet today and can’t figure out why it won’t work, there you have it…

Comments

  1. There’s been a lot of talk within Hilton recently because of the recent update to e-checkin where it’s open to any Hilton HHonors member.

    Because e-checkin users are not supposed to be asked to show ID or swipe their credit card when they pick up their keys, all it takes is knowing somebody’s Hilton HHonors number and PIN to cause them to pay for your hotel stay, so I imagine it’s in response to this that they’re increasing security.

  2. They have user names and password as an option for logging in. I wonder why they don’t just force people into using those instead of continuing to allow HHonors # + PIN for login.

  3. I’d call this change “Lipstick on a Pig”. The fact is that they still don’t give users the ability to turn off the 4-digit PIN login. With all the big security breaches this year I can’t believe this is the best they can do.

  4. Agreed, Jon! I’m actually in the process of offering something to them that will dramatically help with that. As a loyal HHonors member, I’m hoping they jump on board to better protect us all. Thanks for the news, Ben!

  5. I used to stay in a Hilton property 4 to 5 nights a week as a Diamond member. I now have had to switch to either Marriott or Holiday Inn because I can’t figure out the CAPTCHA letters. Neither can my secretary or my teenagers. Ha. Extremely frustrating. But I will have to give my money to their competitors until they make a change.

  6. I was literally just asked for my password when I called up on the phone to HHonors support. This was after I said I didn’t know my PIN. I asked in shocked disbelief if the person could see my password, and she said yes. I didn’t follow up further on this, but just asked her to ask me a different security question. What a circus?!
