IHG Rewards Club FINALLY Fixes Their Worst Flaw

Some links to products and partners on this website will earn an affiliate commission.

I am no IT expert, but I know ridiculously poor IT security when I see it. For many years, IHG Rewards Club members have only been allowed to protect their accounts with a simple 4-digit PIN.  Know somebody’s 9-digit Rewards Club number or main e-mail address? (or simply be willing to guess) Then you can easily brute force your way into their account, with only 9999 passwords to test. Child’s play…

Recently, IHG Rewards Club has made a major improvement. We still aren’t anywhere near state-of-the-art two factor authentication. But at least we are now allowed to set a proper password. This new password must have at least three of the following:

  • A capital letter
  • A lowercase letter
  • A number
  • A special character (i.e. !,$,&,%)

There are two main ways to change your password. Before logging in, you can simply “reset password” and wait for e-mail instructions.


Alternatively, you can log in to your account, click on the Personal Information link of your Account Summary.

From there you can change your password.


Nobody enjoys seeing their loyalty accounts drained of points/miles. Although you can usually arrange to have your miles or points refunded, this process still entails a lot of hassle. And despite the fact that most of us still end up using easily-guessed passwords – and even worse – using the same passwords across multiple accounts, any password is still going to be substantially better than a 4-digit PIN.

So this holiday season, make sure that you change your IHG Rewards Club PIN to a much stronger password. I do my best to come up with complicated passwords and save them on my Award Wallet account (with an even stronger password). I also make sure to have up-to-date anti-virus software on my computers and only log in to my loyalty accounts from secure wifi routers. I’m sure I could do far better, but I’ve never had a problem so far…

What do you do to maintain online security for your valuable airline and hotel chain accounts?


  1. Rob Rixon says

    At last! Password changed. I use LastPass for my password and account security and use auto-generated passwords wherever possible, so I only have to remember my Master Password.

  2. Richard says

    Thanks very much Craig for flagging this up. Yes, finally a big security improvement from IHG. I have now changed my password to a much longer and more secure one. Like Rob above I use a password manager, and can certainly recommend it.

Leave a Reply

Your email address will not be published. Required fields are marked *