Yesterday, I wrote (access here) that Hyatt had added a new field, in addition to the account number and password, to the online form used to access one’s account.
A LoyaltyLobby reader tweeted me a link this afternoon to a page on IHG’s website that also requires the last name to link to the account. The sign-in box on the upper right, for now, requires only the account number and the four-digit (very unsafe) PIN.
You can access IHG Rewards Club here.
IHG Rewards Club has for too long had these very lax four-digit PINs, which are easy to breach using brute force.
Studies have been done using hacked data: the most common PIN is simply 1234 (representing 11% of all PINs), and the 20 most common represent 28%.
Using the last name as one factor should make it more difficult for hackers to log in to someone’s account. At least they would need to know the last name of the person whose account they are trying to drain.