Senior Director & Senior Principal of Security Architecture
Session Abstract: Customer authentication is a rapidly evolving field where multiple methods of authentication are being introduced every few months. This includes the traditional form of username and password authentication, and newer methods like social login through other providers and the even more novel passwordless authentication. When you are dealing with hundreds of millions of customers, rolling out newer authentication methods requires meticulous planning and rollouts; otherwise, you'll experience confused customers and potential login outages that impact customer revenue.
At hospitality giant Hilton, we serve close to 140 million consumers through our different channels: the web channel Hilton.com, the Hilton Honors app for iOS and Android devices, and a China mini-program with its own mobile app. Our channels support different types of login such as traditional username and password, social login, mobile login, and login with WeChat UnionID. Additionally, FIDO2-based passkeys are expected soon.
This presentation will discuss how Hilton successfully rolled out different authentication methods without any customer impact. It will include its current plans to roll out passkey authentication and how the alternative methods for authentication will coexist for some time before an eventual 100% migration to passwordless.