IHG Hotels, the parent company of Holiday Inn and many other brands, has finally updated its IT and is allowing you to set a password for your account. Up until now, they have depended on a 4-digit PIN for account security. Not surprisingly, there have been many reports of people having their IHG accounts hacked, including this post from One Mile At A Time. What else do you expect when all that’s keeping you from logging into an account is four numbers?
In what is probably the slowest IT advancement ever, IHG is FINALLY letting you change your login password to something strong enough to ward off even the most amateur hackers.
IHG’s website does a pretty good job patting themselves on the back for getting their online security up the standards of five years ago (or maybe that’s ten years).
In line with best practices for managing your online accounts, we recommend that you change your passwords or PINs on a regular basis. Although we have no reason to believe that your IHG Rewards Club® PIN is not secure, if you haven’t changed it recently, now may be a good time to do so while you are thinking about it.
Although IHG will use e-mail as a means to inform you about offers and promotions to help you further enjoy your stay with us, we will not contact you via e-mail or phone to request account, credit card, or personal information.
Instead of a four-digit PIN, they now allow you to make a standard password.
Please select a password of at least eight characters, including at least three of the following: capital letter, lowercase letter, number, special character.
I give them credit that their system now allows passwords above 40 characters. You’ll now need to use at least 8 characters and 3 of 4 different character types to have an acceptable password. Of course, if you don’t want to change your hackable 4-digit pin, you’re welcome to keep it, for now.
To change your password, go to this website and log into your account.
After making my more secure password, I received this email.
This isn’t a new development as IHG rolled this out at least a month or more ago. Not only did they not publicize the change, but they’re also not forcing people to create a more secure password.
Then what’s the point? It’s like IHG’s saying, “Yeah, we know it was really easy to break in before, but we’re allowing you to keep your old lock instead of making you upgrade to the new, less hackable version.” True, I understand that people hate having to create strong passwords for all of their accounts and they’d rather keep the same PIN they use for all of their ATM cards. At some point, shouldn’t it be up to the administrators of a program to force people to keep their accounts up to date?
If not, hackers will still be able to hit accounts and drain the points before the account holders ever know anything’s happened. When that happens, will the IHG staff say that it’s our fault for not setting a more secure password instead of a PIN?
I sure hope not, and I don’t intend to find out.
Like this post? Please share it! We have plenty more just like it and would love it if you decided to hang around and get emailed notifications of when we post. Or maybe you’d like to join our Facebook group – we have 11,000+ members and we talk and ask questions about travel (including Disney parks), creative ways to earn frequent flyer miles and hotel points, how to save money on or for your trips, get access to travel articles you may not see otherwise, etc. Whether you’ve read our posts before or this is the first time you’re stopping by, we’re really glad you’re here and hope you come back to visit again!
This post first appeared on Your Mileage May Vary