Q. I am a member of the Hilton HHonors program and usually check my points balance and make reservations on the website. However, I needed the help of a customer service representative so I called. To verify who I am, she asked me for my password. I said that I am not telling a human being my password; she said she was already looking at it. I don’t know of any company that gives their customer service staff access to customers’ passwords. Many people use the same, or similar, passwords on multiple websites, so I can’t believe a company like Hilton is so outrageously breaching the confidentiality of their customers’ passwords. I was about to ask for a manager but she hung up on me when I stated that I thought it was outrageous that she could see my password. Can you help change the Hilton policy?
A. You’re not the first person to raise issue with this curious policy. But it’s still surprising to see a major company allow that sort of access to customers’ passwords in light of all the well-publicized data breaches.
Secondarily, getting a response like that when very reasonably taking issue with such a request is no way to treat a consumer – particularly a customer calling into a company’s loyalty program.
Hilton spokeswoman Blake Rouhani said, “We are investigating the exchange between this member and our customer care representative. It is important that our members know their personal information is safe and secure and we take this matter very seriously. We are also reviewing our systems and will make any necessary enhancements to ensure that protection is in place.”
Hopefully, finding another way to verify the identity of members (using a security question, for instance) will be one of those enhancements. While it is good practice to vary passwords, especially those tied to personal and financial information, there is still no good reason to give out your password over the phone.
So far, there has been no announced change in policy from Hilton. With HHonors claiming a membership of about 38 million consumers, an awful lot of people have a stake in the company’s decision.Mitch Lipka has been helping consumers out of jams for the past two decades. He lives in Worcester and also writes the Consumer Alert blog on Boston.com. Mitch can be reached at email@example.com. Follow him on Twitter @mitchlipka.