Moniker tries to improve security, but…
Moniker just sent an email to all of its customers notifying them that their passwords were reset in the name of better security.
Requiring stronger passwords at Moniker is a good idea. It has historically had weak password requirements, both for character composition and for resets.
Yet the way Moniker made the change was probably counterproductive to security.
The email to each customer included the login username and new password in plain text.
That means you should definitely take Moniker’s advice to “Please reset your passwords to one of your own choosing that meets the new password requirements at your earliest convenience.”
Earliest convenience should be “five minutes ago”!
The email is also addressed to “Dear Valued Client” rather than the customer’s name. This is a security no-no because it trains customers to think that official communications won’t be addressed directly to them, making it easier for phishers to exploit customers in the future.
The email does include an account number. But I doubt many people know their account number off the top of their head. In fact, I’ve always used a username (not account number) to log in, and it appears this username no longer works!
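As an added example (not Moniker's code and not part of the original post), here is one way a forced reset can avoid the two problems described above: the notice is addressed by name and carries a single-use, expiring link instead of a username and password. The `ResetStore` class, `build_notice`, the one-hour lifetime and the `registrar.example` URL are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 3600  # seconds; assumed lifetime of a reset link


class ResetStore:
    """In-memory stand-in for the account database (constructed for this example)."""

    def __init__(self):
        self._pending = {}  # sha256(token) -> (username, expiry)

    def issue(self, username, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Only the digest is stored, so a database leak does not expose live tokens.
        self._pending[digest] = (username, now + TOKEN_TTL)
        return token

    def redeem(self, token, now=None):
        """Return the username the token was issued for, or None if invalid."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._pending.pop(digest, None)  # pop: each token works once
        if entry is None:
            return None
        username, expiry = entry
        return username if now <= expiry else None


def build_notice(store, full_name, username, now=None):
    """Compose the notification: addressed by name, carrying no credentials."""
    token = store.issue(username, now)
    body = (
        f"Dear {full_name},\n\n"
        "Your old password no longer works because our password requirements changed.\n"
        f"Choose a new one within {TOKEN_TTL // 60} minutes using this single-use link:\n"
        f"https://registrar.example/reset?token={token}\n"
    )
    return body, token
```

An intercepted copy of this message is useless once the link has been used or has expired, whereas an emailed password stays valid until the customer changes it.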
At least there’s some good news from Moniker on the security front: two-factor authentication is coming soon.