123 Reg logo Blog

Important change to our password policy

By Richard Winslow - August 25, 2016

I would like to take this opportunity to inform customers of an important update to our account password policy; extending previous updates made in 2014 and 2015.

Firstly, please note that 123 Reg will not be sending you a password reset link or email with your password, any password change required on your account will be processed actively by yourself by visiting our website. This is to ensure your account remains secure.

I want to make sure we have the best policies and procedures in place to make sure your business is secure and your data is kept safe. Our password policy is very similar to that of a Windows AD account and will feel familiar.

We introduced our updated policy several weeks ago. Each new or reset password will have to meet the following criteria:

  1. Eight or more characters
  2. A mix of lower and upper case English letters
  3. At least one number (0-9)
  4. At least one special character from: ! $ % ^ & * > ( ) – _ = + } { # @ ‘ : ; . , < / | ? “
  5. At least four unique characters
  6. No more than two repeated characters together (eg. hhh)
  7. No number sequences (eg. 5678)

To ensure that all accounts adhere to the new policy we will be enforcing an update to all current passwords on September 1st. As noted above, we will not email you a reset link without you requesting it first.

There are two options available to you;

Before September 1st; Login to your 123 Reg Control Panel, scroll down and click ‘Change your password’. Once you have changed your password to the new requirements you can carry on using your account.

After September 1st; Your password will be disabled and you will need to reset your account to gain access. When you are on our login page you can use the forgotten password link, only then will you be sent an email with a link to reset your password.

This is a great opportunity to check that the email address we hold on your account is valid and to enter, if you have not already done so, your security questions used when speaking to our service teams by phone.

We do understand that such changes may appear arduous. However, these new standards have been created to ensure the security of your business. Therefore, as part of our commitment to constantly review our security measures these updates are being enforced so that we continue to protect our customers.

Over the coming months we will make further changes to your account to add additional levels of protection. Many of these will be in the background and you will not notice, others will require your interaction to support.

How to Protect yourself

Passwords are only as secure as the account holder looking after the password. We have protections and systems in place to help protect your account, however when someone has your password they can gain access to an account and make changes.

There are many ways your password might be found. On the basic level, if you write this down on a piece of paper then someone might read it, up to advanced levels of hackers tricking you in to giving them your password through forged emails or attacking your computer to gain access to any passwords written down.

You should never follow links from an email that you are not expecting asking you for your password. If you visit a website directly, or by performing a google search, and clicked that you have forgotten your password, you would expect to receive a password reset email and know it is legitimate. If you receive a password reset without having requesting it then you may well be being scammed.

123 Reg will not ask for your password by email. We will only send emails from @123-reg.co.uk. You should always make sure that any link you follow takes you to https://www.123-reg.co.uk/, if you are not sure about an email then do not follow the link, visit the site directly in your web browser.

123 Reg will not call you up and ask for your password. If you do not have security questions set then you may be asked for your password when calling up support to verify your account, but we will never call you and ask for it.

Further Reading

Please learn more about password security in our blog posts detailing ways to protect and identify risks to your accounts;

I would like to thank all customers for their cooperation and understanding during this necessary update.

Richard Winslow