Hi guys,
Now, I appreciate that there is a lot of sensitive info on our Hostelworld accounts (credit card info of course), but Hostelworld goes way too far with their password protection measures. Can anyone explain to me why it is necessary to completely lock us out of our account for sometimes as long as 48 hours only because a staff member flubbed/forgot the password and entered it incorrectly 3 times in a row? Then it immediately cancels your password and makes you jump through hoops to reset it, at which point you have to enter a new password.
What is the point of this? The standard password protection measure is that if you enter it incorrectly a certain number of times, it locks you out for a certain amount of time, say 5 - 10 minutes. This makes sense because it prevents people from repeatedly guessing the password dozens of times until they get the right one.
But what is the point of completely voiding your password and making you get a new one? Can someone explain this to me? It frustrates me to no end, I hate being locked out of an account that I am supposed to have control over because some overzealous coder decided this needed security better equipped for the FBI databases.
Log in to join discussion