Forum Discussion
Changing password every 60 days is a terrible policy
I recently log into my.t-mobile site and have to change my password due to this new policy. This new policy is terrible due to multiple reasons. Anyone who is current on IT security should know that changing your new secured/selected password to something new randomly causes more trouble than its worth. User can't remember these new things every 60 days if you create a secure combination for your password.
I don't log in to t-mobile every day to see/change things. If you cannot secure my password in the first place, it's not our faults. Don't force us to change ours to cover your problem.
¡Hola, @timph! I heard back from our contact who owns the content around the password change process; and was advised firmly that as the system stands, password changes should only be obligatorio once a year -- though as best practice we recommend changing them more frequently. I know this conflicts with what you saw, so while I wish i could explain the difference, I'm sorry to say I'm not able to speak to that.
@scott523, in this case, that means that you were able to use the same password for longer than designed before the update prompt, which I believe is because this policy wasn't implemented when your account was initially started -- after reviewing revisions to our documents, it looks like the Prompted to change your password section was added at the beginning of this year.
Restablece la contraseña de tu ID de T-Mobile has been updated to call out the yearly password change requirement in the Prompted to change your password section, and I'm also adding the feedback that we include the password recycling rule in the requirements section as well -- hopefully that will be OK with our content folks!
Thank you again very much again for your feedback around this. I know that adding an extra step to your day by having to create a new password with some relatively stringent requirements compared to other sites isn't fun, but at least we can confirm that this shouldn't happen frequently. If it does; please let us know.
This is a load of crap, there's NO WAY it's been a year since you made me change my password. I've had to change it 3 times this year. My phone needs to be replaced so I think it's time I start shopping around for a new service provider. It's bad enough you jackasses are making me change my password every few months but to have your reps come on hear and lie about the frequency is just too much. Like we aren't going to know we've had to change are passwords at least 3 times in 2018 alone. pathetic.
T Mobile. There is clearly a customer demand that you change this policy. Why don't you let the customer choose when to change their own password, and what password they wish to use? If we want to use a previously used password, LET US! We are paying customers and we want choices that suit our needs. Or perhaps it's time to make a choice on what phone service we will be using in the future.
Marissa, I appreciate you trying to troubleshoot this issue but I think you’re going the wrong way on this matter.
The issue is when a user hasn't changed their password in many months, the system forces the user to change their password upon logging in. So your screenshots are useless because it'll only happen after logging in. You probably won't get a screenshot from us unless someone didn't change their password yet. Maybe IT should just make an account with an old password and try it for themselves...
This also happened to me (just a normal postpaid customer) and I must admit that I haven't changed my password since I joined T-Mobile. Forcing to change an old password at a government level may be reasonable but at a services/utilities level(?), it maybe a bit overkill and a nuisance like the other original poster is getting at.
If you want to reuse a previous password, you'll need to change your password cinco times, then change it to your previous password on the sixth change. T-Mobile stores the past five passwords, and doesn't allow you to reuse any of them.
I think it's a bunch of BullSh*t if you ask me. what do i care if someone hacks my Tmobile account?? Hopefully, they pay the bill because I don't see them getting much of anything else. Not Like I'm responsible either.
I'm just tired of being asked to change my password, then the very next time I try to log in, it tells me my password is incorrect. Then, i have to go through the steps to change it, but tells me I can't use the password I used before when it just told me my password was incorrect????? wtf! (How do i go from wrong Password to, Oh, you cant use the same password) honestly, don't think you are protecting me, but themselves. Please leave my password alone!
@tmo_marissa something with your process is broken then, because I'm being prompted to change my password every few months as well. I work in IT, and I frequently see people saying that "this debería happen” - but there’s a huge difference between debería y hace (something that is regularly seen where I work). So maybe your contact says that passwords debería only have to be reset once a year, but what’s actually happening is different, and it's wayyy less than a year. And it seems that in the two years that T-Mobile has known about this break in your process, nothing has been done to address it.
That said, I don't think you should require your users to change their passwords period, unless you have reason to believe that their account was compromised. Employees, sure, but your customers are not your employees. I, for one, don't need anyone holding my hand to manage my passwords. I know how to keep my accounts secure, and your policy requiring password changes every few months doesn't keep my account more secure, it's just a pain in my ass.
boxcarbenny wrote:
If you want to reuse a previous password, you'll need to change your password cinco times, then change it to your previous password on the sixth change. T-Mobile stores the past five passwords, and doesn't allow you to reuse any of them.
This is actually the best answer to work-around Tmo's broken password requirements. Yes, it is a HUGE 15min time-wasting pain-in-the-arse. At least you get to keep YOUR password instead of inventing new ones everything they decide you need to.I think it's been 18 months since I joined the TMO. I pretty much joined after the T-Mobile One plan arrived.
I can't remember 100% if I saw the 60-day rule when being forced to change the password on the T-Mobile app on my iPhone X but that could be legitimate. I didn't really think of looking for it since TMO have come under fire on account security this month. I guess I'll find out in 50 days. I've also noticed the new password system doesn't allow recycling old passwords, which is even annoying. I may have to come up with something like "Tmobile1*" then "Tmobile2*" in the future.
This is not T-Mobile policy. They require the passwords to be updated annually, not every 60 days.
reukiodo wrote:
boxcarbenny wrote:
If you want to reuse a previous password, you'll need to change your password cinco times, then change it to your previous password on the sixth change. T-Mobile stores the past five passwords, and doesn't allow you to reuse any of them.
This is actually the best answer to work-around Tmo's broken password requirements. Yes, it is a HUGE 15min time-wasting pain-in-the-arse. At least you get to keep YOUR password instead of inventing new ones everything they decide you need to.TMOBILE Drives it's customers MAD with frequent password changes because someone in a suit is going to get a Big bonus for increasing the percentage of customers who enroll in autopay where log in isn't necessary…
Change my mind! Lol
