I use iContact’s marketing service. It’s an overall great app and reputable company but they’ve now made my list of ridiculous password requirements. I was logging in to their site today using what I consider to be a strong password and got this message:
“As part of our latest application security upgrade, iContact has strengthened the criteria for account passwords. To access your account, you must first reset your password.”
So I have to reset my otherwise secure password…and the darndest thing is that it wouldn’t let me re-use my old one…so what do I do? Well, I’ve never been a big fan of forced password changes. In the interest of keeping my passwords uniform so I can keep up with everything, I set my password to something LESS secure than it was before.
Instead of forcing everyone to change their passwords perhaps the folks at iContact could’ve determined users who currently have weak passwords and been more targeted in their approach. Or they could’ve permitted me to re-use my previous password and run a complexity check against it and, if it passes, let me keep it. But no, just make everyone change their passwords…that’ll do the trick.
Sure, this is a private company making their own policies. I’m all for that. The reality is people not thinking things through regarding security often end up getting in the way of it.
iContact, I love you…but golly.
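The targeted approach suggested above, sketched as an added example (not code from the post or from iContact). The length and character-class criteria, the function names and the sample accounts are assumptions made for illustration; the post does not state the actual rules.

```python
import hashlib
import hmac
import os
import re

MIN_LENGTH = 12        # assumed criteria; the real policy is not given in the post
ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(password):
    """Constructed sample account that predates the policy change."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(password, salt), "policy_ok": False}


def meets_policy(password):
    """Assumed rule: at least MIN_LENGTH chars and 3 of 4 character classes."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    hits = sum(bool(re.search(c, password)) for c in classes)
    return len(password) >= MIN_LENGTH and hits >= 3


def login(user, password):
    """Return 'denied', 'ok' or 'reset_required'."""
    if not hmac.compare_digest(_derive(password, user["salt"]), user["hash"]):
        return "denied"
    # Only the hash is stored, so a successful login is the one moment the
    # plaintext is available to test against the new criteria.
    if not user["policy_ok"]:
        user["policy_ok"] = meets_policy(password)
    return "ok" if user["policy_ok"] else "reset_required"


def reset_password(user, new_password):
    """Accept any password that passes the policy, including the current one."""
    if not meets_policy(new_password):
        return False
    user["salt"] = os.urandom(16)
    user["hash"] = _derive(new_password, user["salt"])
    user["policy_ok"] = True
    return True
```

Accounts whose existing password already passes are marked compliant on their next login and never see a reset prompt; only the failing ones are sent to the reset flow.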