GoDaddy Terms with 6 Month Passwords

April 26th, 2009

There are a few things you have to take into account when creating a password security policy. You take care to make sure people can’t use normal dictionary words, you require more characters in the passwords, and you even require two passwords for really secure areas. If you make any part of the password experience too difficult, human nature will bypass your entire policy. The human nature factor has become a valid model which we all recognize in security. We know that the harder you make the password policy, the more likely people are to write that password on a sticky note. I think you may be able to graph sales of sticky notes in correlation to password policies.

On April 25th, 2009, I received the notice that GoDaddy has changed their terms of service for their password policy. They didn’t tell me what the policy change was, but said it was for passwords and account security and gave me a nice link back to the site.

4. ACCOUNT SECURITY.
You agree You are entirely responsible for maintaining the confidentiality of Your customer number/login, password, credit card number, and shopper PIN (collectively, the “Account Access Information”). You agree You are entirely responsible for any and all activities that occur under Your account. You agree to notify Go Daddy immediately of any unauthorized use of Your account or any other breach of security. You agree Go Daddy will not be liable for any loss that You may incur as a result of someone else using Your Account Access Information, either with or without Your knowledge. You further agree You could be held liable for losses incurred by Go Daddy or another party due to someone else using Your Account Access Information. For security purposes, You will be required to change Your password and shopper PIN every six (6) months, for every Go Daddy account, subject to Go Daddy’s password and PIN guidelines. You should keep Account Access Information in a secure location and take precautions to prevent others from gaining access to Your Account Access Information. You agree that You will be responsible for all activity in Your account, whether initiated by You, or by others on Your behalf, or by any other means. Go Daddy specifically disclaims liability for any activity in Your account, whether authorized by You or not.

I have to change my password and my pin number every 6 months? Really?  While this password approach is recommended for systems in a corporate environment accessing multiple resources on a DAILY basis, GoDaddy is an online account.  In the world of online accounts it is a move backwards in actual security to require this frequency of password changes.

For one, I don’t access my GoDaddy account every 6 months. Now I am going to get a notice, explaining that I need to reset my password AND pin number for an account I haven’t even used. I have to remember to go in and do that before…how long exactly do I have to change this password, GoDaddy?

Insert sticky note problem number one here.  Can I just ignore your request to change my password for another 6 months?  That is my first reaction of human nature.

What if the other 316 online accounts I have required me to change account information every 6 months?

Insert sticky note problem number two. Human nature would take over, and I would revolve all of my passwords to the same thing, all at the same time.  My password to go online and shop for car parts would be the same as my super secret GoDaddy account.

While this may help GoDaddy expunge themselves of some legal requirement to offload responsibility for account access, it punishes the end users and creates a larger security problem in the end. GoDaddy has started down a path that will fail if it becomes adopted elsewhere, possibly opening the door to the modern day sticky note of security problems.