If you’ve tried to log into your Hilton Honors account since yesterday, you may have noticed that it now has a CAPTCHA (which I just learned stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”) when trying to log in.
Why does Hilton’s CAPTCHA matter?
The main reason this matters is because it means you can no longer use an automated service to check your Hilton Honors balance. For example, you can’t use AwardWallet to automatically access your Honors account anymore. Instead if you try to log in through AwardWallet it will redirect you to the Hilton Honors page and pre-fill in your details, but you’ll have to complete the CAPTCHA.
Why did Hilton add a CAPTCHA?
So, did Hilton add this because they don’t want you checking your points balances through an automated service? They wouldn’t be the first loyalty program to do so. For example, Delta, Southwest, and United have all at one point told AwardWallet to stop displaying their data.
I don’t think that’s the cause here, though. I do genuinely believe it’s for the security of members’ accounts. There have been quite a few instances of account hacking lately, so I think that’s the reason for this new “feature.”
Hilton is one of the few hotel programs to still have a four digit PIN based system for accessing accounts as opposed to a password, and those are quite easy to hack.
I’d be willing to bet they’ll be changing the PIN based system eventually, and instead allow members to use passwords to access their Honors accounts. Hopefully the CAPTCHA is just a temporary solution, and disappears if/when they make this change.
Bottom line
Ultimately this isn’t a big deal, but in case you try to log into your Honors account with AwardWallet today and can’t figure out why it won’t work, there you have it…
I was literally just asked for my password when I called up on the phone to HHonors support. This was after I said I didn't know my PIN. I asked in shocked disbelief if the person could see my password, and she said yes. I didn't follow up further on this, but just asked her to ask me a different security question. What a circus?!
I use to stay in a Hilton property 4 to 5 nights a week as a Diamond member. I now have had to switch to either Marriott or Holiday Inn because I can't figure out the CAPTCA letters. Neither can my secretary or my teenagers . Ha. Extremely frustrating. But I will have to give my money to their competitors until they make a change.
Agreed, Jon! I'm actually in the process of offering something to them that will dramatically help with that. As a loyal HHonors member, I'm hoping they jump on board to better protect us all. Thanks for the news, Ben!
I'd call this change "Lipstick on a Pig". The fact is that they still don't give users the ability to turn off the 4-digit PIN login. With all the big security breaches this year I can't believe this is the best they can do.
They have user names and password as an option for logging in. I wonder why they don't just force people into using those instead of continuing to allow HHonors # + PIN for login.
There's been a lot of talk within Hilton recently because of the recent update to e-checkin where it's open to any Hilton HHonors member.
Because e-checkin users are not supposed to be asked to show ID or swipe their credit card when they pick up their keys, all it takes is knowing somebody's Hilton HHonors number and PIN to cause them to pay for your hotel stay, so I imagine it's in response to this that they're increasing security.