Mega-Breaches Prove One Thing: Logins Must be Ditched

In the final weeks of 2018, Marriott International disclosed that its Starwood reservation database had been hacked, exposing the personal information of almost 500 million guests for a period of four years. 2018 was also the year of other global hacks including Facebook and Google, so it’s no wonder that businesses and consumers alike are on edge when it comes to personal data security. As we begin 2019, one thing is certain: Hacks and data breaches will not only continue, they will become increasingly sophisticated and frequent. It is time for everyone to rethink the security of their data and examine an alternative solution for thwarting hackers—starting by removing passwords and logins altogether.

According to a recent Deloitte report, travel and tourism are among the world’s fastest-growing industries, with bookings generating close to $1.6 trillion in 2017. For travelers seeking the best rates, bookings are made weeks or months in advance through hotel websites or travel agencies. Reservations often ask for personal information like name, address, phone number, age, and credit card number – an ideal target for cyber criminals. Although many hotels and travel agencies require users to create an account with a username and password when making a reservation, these are ineffective deterrents and susceptible to falling into the wrong hands (consider the Marriott data breach).

Businesses may think they are providing an additional layer of security with two factor authentication, but security remains far from guaranteed. Instead of racing to install the latest security feature in account protection, businesses should take a step back and reexamine the primary point of vulnerability: logins. Removing an access point for hackers in the form of passwords and login information will tighten security and create a more streamlined experience for the end user

Several other industries have turned to mobile identity verification solutions to deliver back-end security and verify identities via a physical mobile device. With a mobile identity verification solution, users no longer have to create an account that risks being hacked; instead, users are verified passively with no interruption. 

For hotel and business owners, such solutions remove logins from the access chain and eliminate the ability of hackers to pose as someone else since personal information is tied directly to mobile hardware. In addition to the added level of security, businesses deliver a frictionless booking experience for users, helping them avoid the hassle of remembering login information across multiple accounts. According to a recent study, more than a third of online purchases are abandoned at checkout due to forgotten passwords. By eliminating the password altogether, businesses can increase sales, heighten security, and deliver a more efficient customer experience.

The scope of the Marriott data breach might never be fully known, but we can be sure that similar breaches and hacks are inevitable in the coming years. To protect users from losing their personal data, hotel owners and businesses can proactively prepare by removing security vulnerabilities like usernames and passwords, and instead use mobile identity verification solutions as an authenticator. By making this switch, hackers in the future can no longer use stolen information since the data is tied to the mobile device itself, closing a security vulnerability that has long plagued these industries.


Megan Davis
Edelman | +1 (202) 756-2438