I’m far from a web security expert, though one thing that has been incredibly puzzling to me is IHG Rewards Club’s horrible account security.
IHG Rewards Club Has Used Four Digit PINs
Historically IHG Rewards Club has only allowed members to use four digit PINs to secure their accounts, and not longer passwords. It’s one thing to give people the option of choosing four digit PINs (which is bad enough), but to not give people any other options is mind-boggling.
IHG Rewards Club has had huge issues with account hacking, which shouldn’t come as a surprise given their PIN security system. For example, Andrew wrote about how his IHG account was hacked.
I’m not sure what exactly IHG’s motivation was for not allowing passwords for so long. We’re talking about a loyalty program with tens of millions of members, and presumably the company was out of pocket in cases where accounts were hacked and already redeemed, and they had to restore points? So why hasn’t this been a priority?
Well, there’s some good news on that front…
IHG Rewards Club Now Lets You Select Password
Going forward, IHG Rewards Club will require all accounts to have passwords rather than PINs.
Passwords must be at least eight characters, and include three of the following:
- Capital letters
- Lower case letters
- Special characters
Signing Up For A New IHG Account
If you’re signing up for a new IHG Rewards Club account, you’ll see that you’re asked to create a password during the sign-up process, so that’s easy enough.
Adding A Password To An Existing IHG Account
If you’re an existing IHG Rewards Club member you won’t be forced to change from a PIN to a password, but you have the option of doing so. You have two easy ways you can go about this.
The first is to go to the log-in page for your account, and click the “reset password” link, which will force you to select a password rather than a PIN.
Alternatively you can log into your IHG account, go to the “personal information” tab, and then in the “account information” section you’ll see an option to edit your password. You’ll be asked to enter your current PIN, and then you can select a password that adheres to the new requirements.
It’s nice to see IHG Rewards Club finally adding the functionality to select a password. I still can’t wrap my head around why it took them long. Maybe people who know more about web security than I do can chime in on that…
(Tip of the hat to JT Genter)