IHG Rewards Club FINALLY Fixes Their Worst Flaw

I am no IT expert, but I know ridiculously poor IT security when I see it. For many years, IHG Rewards Club members have only been allowed to protect their accounts with a simple 4-digit PIN.  Know somebody’s 9-digit Rewards Club number or main e-mail address? (or simply be willing to guess) Then you can easily brute force your way into their account, with only 9999 passwords to test. Child’s play…

Recently, IHG Rewards Club has made a major improvement. We still aren’t anywhere near state-of-the-art two-factor authentication. But at least we are now allowed to set a proper password. This new password must have at least three of the following:

  • A capital letter
  • A lowercase letter
  • A number
  • A special character (i.e. !,$,&,%)

There are two main ways to change your password. Before logging in, you can simply “reset password” and wait for e-mail instructions.


Alternatively, you can log in to your account, click on the Personal Information link of your Account Summary.

From there you can change your password.


Nobody enjoys seeing their loyalty accounts drained of points/miles. Although you can usually arrange to have your miles or points refunded, this process still entails a lot of hassle. And despite the fact that most of us still end up using easily-guessed passwords – and even worse – using the same passwords across multiple accounts, any password is still going to be substantially better than a 4-digit PIN.

So this holiday season, make sure that you change your IHG Rewards Club PIN to a much stronger password. I do my best to come up with complicated passwords and save them on my Award Wallet account (with an even stronger password). I also make sure to have up-to-date anti-virus software on my computers and only log in to my loyalty accounts from secure wifi routers. I’m sure I could do far better, but I’ve never had a problem so far…

What do you do to maintain online security for your valuable airline and hotel chain accounts?


Written by Craig Sowerby