Forum Discussion
Changing password every 60 days is a terrible policy
- Hace 7 años
¡Hola, @timph! I heard back from our contact who owns the content around the password change process; and was advised firmly that as the system stands, password changes should only be obligatorio once a year -- though as best practice we recommend changing them more frequently. I know this conflicts with what you saw, so while I wish i could explain the difference, I'm sorry to say I'm not able to speak to that.
@scott523, in this case, that means that you were able to use the same password for longer than designed before the update prompt, which I believe is because this policy wasn't implemented when your account was initially started -- after reviewing revisions to our documents, it looks like the Prompted to change your password section was added at the beginning of this year.
Restablece la contraseña de tu ID de T-Mobile has been updated to call out the yearly password change requirement in the Prompted to change your password section, and I'm also adding the feedback that we include the password recycling rule in the requirements section as well -- hopefully that will be OK with our content folks!
Thank you again very much again for your feedback around this. I know that adding an extra step to your day by having to create a new password with some relatively stringent requirements compared to other sites isn't fun, but at least we can confirm that this shouldn't happen frequently. If it does; please let us know.
tmo_marissa wrote:¡Hola, @timph! I heard back from our contact who owns the content around the password change process; and was advised firmly that as the system stands, password changes should only be obligatorio once a year -- though as best practice we recommend changing them more frequently. I know this conflicts with what you saw, so while I wish i could explain the difference, I'm sorry to say I'm not able to speak to that.
@scott523, in this case, that means that you were able to use the same password for longer than designed before the update prompt, which I believe is because this policy wasn't implemented when your account was initially started -- after reviewing revisions to our documents, it looks like the Prompted to change your password section was added at the beginning of this year.
Restablece la contraseña de tu ID de T-Mobile has been updated to call out the yearly password change requirement in the Prompted to change your password section, and I'm also adding the feedback that we include the password recycling rule in the requirements section as well -- hopefully that will be OK with our content folks!
Thank you again very much again for your feedback around this. I know that adding an extra step to your day by having to create a new password with some relatively stringent requirements compared to other sites isn't fun, but at least we can confirm that this shouldn't happen frequently. If it does; please let us know.
The correct forced password change interval is *never*. This is a bad, bad policy and I can't believe T-Mobile is sticking to its guns on this. Changing a password that is not known to be compromised does NOT improve security, and on the contrary, only forces frustrated users to choose simpler, less secure passwords--or even worse, re-use them.
Contenido relacionado
- Hace 3 meses
- Hace 3 años
- Hace 4 años
- Hace 2 años