Forum Discussion
Changing password every 60 days is a terrible policy
I recently log into my.t-mobile site and have to change my password due to this new policy. This new policy is terrible due to multiple reasons. Anyone who is current on IT security should know that changing your new secured/selected password to something new randomly causes more trouble than its worth. User can't remember these new things every 60 days if you create a secure combination for your password.
I don't log in to t-mobile every day to see/change things. If you cannot secure my password in the first place, it's not our faults. Don't force us to change ours to cover your problem.
¡Hola, @timph! I heard back from our contact who owns the content around the password change process; and was advised firmly that as the system stands, password changes should only be obligatorio once a year -- though as best practice we recommend changing them more frequently. I know this conflicts with what you saw, so while I wish i could explain the difference, I'm sorry to say I'm not able to speak to that.
@scott523, in this case, that means that you were able to use the same password for longer than designed before the update prompt, which I believe is because this policy wasn't implemented when your account was initially started -- after reviewing revisions to our documents, it looks like the Prompted to change your password section was added at the beginning of this year.
Restablece la contraseña de tu ID de T-Mobile has been updated to call out the yearly password change requirement in the Prompted to change your password section, and I'm also adding the feedback that we include the password recycling rule in the requirements section as well -- hopefully that will be OK with our content folks!
Thank you again very much again for your feedback around this. I know that adding an extra step to your day by having to create a new password with some relatively stringent requirements compared to other sites isn't fun, but at least we can confirm that this shouldn't happen frequently. If it does; please let us know.
I have to agree! It's plain downright pathetic! The passcode is the same way. Everytime, I call now with an issue, I need a text sent to me because my so-called New Code doesn't work. This is BS! And here's the sad part. If I found or stoled a phone and told ya, I didn't have my pass-code, T-mobile will send it to ya. right there while on the phone, they helped ya break into someone account. Poor security!
The system did not give any reason to force me to change password. It just said my password expired and I need to change it. I haven't logged in for a while, at least 3-4 months so I don't know how long it is. The password change page required a new complex - no previous pwd, etc.. - AND stated very clear that you have to change your password every 60 days. Go change password yourself to see.
I want to get back to use my old password that I can remember. Tell your IT department that we ARE NOT your IT users.
Just because they don't say it's their policy doesn't mean it isn't. I've been FORCED to change my password several times this year.
No, it's not coming from inside your profile account AFTER you logged in. It asked me to change my pwd after the login screen. That pwd change screen is not one of the above.
I am totally annoyed (and frustrated) at the way Tmobile handles their password resets. Although I understand the need to change passwords occasionally, it is ridiculous to have to change them every 60 days. To make matters worse, we are not given any notice or warning. I wanted to log in a pay my bill today and was not allowed to access my account without "changing" my password. But of course, it wasn't that simple. No, I had to have them send me a verification code first. That totally annoys me. So I had them send me an email. The email I received said "Forget your T-Mobile ID password? We hate when that happens, but it's an easy fix. Just click the button below to create a new one:" Receiving a message like that when I forgot my password it great but in this instance it took me beyond annoyance to anger because I didn't forget my password. Nor did I want to change it. Rather, they FORCED me to change it. Most places (that don't wish to cause their customers total frustration) will at least allow you to log in with your credentials then take you to a password update page so they can change it right away rather than having to go through the whole verification process. Again, I do understand the reasoning and appreciate Tmobiles commitment to keeping our accounts safe but angering your customers by forcing them to jump through multiple hoops without any forewarning is not very nice. Why couldn't I be given a heads up? What about a warning letting me know that my password was about to expire or an option to delay changing it but letting me know that I would need to change it within x numbers of days or something. Instead, rather than being able to quickly log on to pay my bill I've had to spend several minutes dealing with this whole password mess. To add insult to injury, they apparently changed their password parameters so that the "special character" that I have been using is no longer allowed. Then (in my rush to get this over with) I accidentally hit the caps lock button, so my new password is in caps (I think), which I don't want. I tried to change it again (to non-caps) and the website wouldn't let me change my password again. So, it appears that we are not allowed to change our passwords when we want to but are forced to change it when they decide they want us to without any forewarning, at the most inconvenient time and in the most annoying way possible. Gee, thanks Tmobile. I couldn't even post anything to these discussion boards without first verifying my account. Why can't I log in with my current password and change it from there?
This policy:
- increases the friction for users to pay their bills (brilliant business move t-mobile...)
- is super insecure
- is frustrating and annoying (Project Fi looks better every day)
Please consider hiring a more knowledgeable security expert to make these policy decisions.
You are spot on with this reply. Tmobile has an extremely frustrating password process. You'd think that since they aren't the best service in terms of quality, they'd make up for it in the way they treat their customers.
the worst part about this that there's comment after comment with people saying their being asked to change their passwords multiple times in a year, and this isn't the only forum I've seen it. and the customer service response seems to be nah-ah. At some point you'd think they'd say "hmmmm we've received multiple complaints that we are forcing passwords changes every few months, maybe we have an issue" but not t-mobile.
I have been forced to change my "my t-mobile" password twice this year, six months apart, June 2018 and today. I can show you the confirmation emails. Each time the system said it was because my password was "too old". It was not by choice. Also, the list of acceptable password characters is too short.
I also have to change my password every 2 months. So now I can't ever remember my password. This is really aggravating, and it doesn't make my account more safe. Plus, I share the security concern. My account is easily hack-able simply because if they have my phone, they can have a temporary password sent directly to my phone. How is this secure???
