Wow, this is pretty horrible! I focus so much on getting the best possible offers and the highest amount of points for new card sign-ups, that I’ve completely let the ball drop on the security of my online AmEx account. To be fair, I primarily use the AmEx app and have Touch ID enabled…that of course doesn’t prevent someone from logging into my account with the normal password.
I received the below email from American Express today, reminding me that I have not changed my AmEx online password (also used for the app) in over 10 years! That’s really bad, especially since the password requirements a decade ago were a joke. Don’t worry, I’ve gone ahead and created a strong password. Thanks to AmEx for the reminder (why did it take 10 years) and let this be a PSA for others who have been using that same saved password for years.