Your Questions, Our Answers: Password Resets Explained

February 9, 2017 / 2 min read

This is the first in a series of posts, Your Questions, Our Answers, in which we’ll address common inquiries from our customers. We welcome your inquiries as we seek to meet your needs and ensure your satisfaction.

The most repeated customer inquiry or complaint received by iiX through our annual survey and customer support interactions concerns the iiX password expiration and reset policy. It’s important to iiX for customers to understand the origins of this policy, along with the reasoning for such strict enforcement.

According to the Verizon 2016 Data Breach Investigations Report, 63 percent of data breaches were due to the compromise of weak, default, or stolen passwords. The malicious use of compromised legitimate user credentials currently represents the most common vector of attack in a data breach. As a provider of consumer reports containing personally identifiable information (PII), it’s critical for iiX to take precautions to ensure its boundaries are secure and only authorized users have access to consumer information.

The iiX password expiration and reset policy originated from two key areas: data-vendor contracts and industry-recognized IT security best practices. iiX contracts directly with all 50 states and the District of Columbia to provide our customers with access to consumer records in compliance with the Driver’s Privacy Protection Act (DPPA). Each state contract is unique and contains certain information security requirements with which iiX and its customers must comply to access state-provided records. To allow for clarity and ease of enforcement, iiX has taken the strictest of those requirements as they pertain to the iiX service and implemented each as the baseline for the iiX password expiration and reset policy. The policies align directly with industry-recognized IT security best practices and should be adopted by any business with access to sensitive information or PII.

The security of all consumer information and PII within the iiX boundaries is of the upmost importance, and iiX greatly appreciates the efforts of both our staff and our customers in helping ensure compliance with the policies in place.