Moments ago, I received the following email from GoDaddy regarding my contract with the registrar for several domains:
Dear Ari Herzog,
In accordance with our terms of service, please be aware that we have made a change in Section 4, Account Security. View details of this policy change.
If you have questions about our updated password policy, visit our Security Center or contact a Customer Service Representative at (480) 505-8877.
Thanks as always for being a Go Daddy customer.
I clicked the link–and, to my shock, saw the following buried in that section:
For security purposes, You will be required to change Your password and shopper PIN every six (6) months, for every Go Daddy account, subject to Go Daddy’s password and PIN guidelines.
Apparently, GoDaddy is taking its time alerting its members–and a quick scan of the blogosphere confirms nobody is happy. The earliest mentions occurred around March 18 at Webmaster World, DSL Reports’ bulletin board, and Hacker News’ similar discussion.
I wonder if they’re going in alphabetical order or according to customer ID.
What I do know is I’m fed up with the registrar’s high prices in comparison to other registrars, and this requirement by GoDaddy, err, Big Brother, forcing me to change my password is preposterous. If my account is hacked, shouldn’t that be my fault? If I’m liable for my actions, shouldn’t I be liable for irresponsibility and creating hackable passwords?
I’ll wait it out a few months… and likely look into shifting my GoDaddy-registered accounts elsewhere where I can be in control of my own online real estate and I can make the rules when I want to change my passwords.
Speaking of which, if you’ve made it down this far, please consider clicking to my guide from last fall on the importance of creating a mnemonic password.