Forum Discussion

andr3s12
Newbie Caller
6 years ago

Forced to reset my password

Why does T-Mobile's website force you to reset your password every couple of months!?

When banking institutions who actually MANAGE YOUR MONEY leave you in peace, it's crazy for a phone company to force you to reset.

I know the generic IT response will be "it's for security reasons", but you shouldn't FORCE your customer to "be secure". It should be a warning where we get the OPTION to reset, not being forced to do so.

So I guess my question is, is there a way to opt out of this "security feature" or someone I can talk to that can disable that from my account? After a full year of this nonsense, I'm getting to the point where I'm willing to leave the company if I don't get a resolution soon.

  • thegtc
    Newbie Caller

    Uh - sorry, no. This is not "standard industry practice". Of all the various accounts I have had elsewhere, this is the only place that FORCES it. Well, Yahoo forced it sometime back after a security breach... that's all I can think of. This is infuriating. I have VERY secure passwords built on a memorized algorithm and this is the only place that really screws it up. I have had to change it at least 4 times in the last couple of years. HATE IT. You need to have an OPT OUT.

  • Your opinion is wrong.

    I've been complaining about this forced password reset for a couple of years.

  • torqued
    Newbie Caller

    Allow me to point you to several sources over the last few years on why frequent password changes are bad:
    Time to rethink mandatory password changes | Federal Trade Commission

    From NIST - the United States National Institute for Standards and Technology.

    Q-B5: Is password expiration no longer recommended?

    A research paper from University of Maryland on why bits of entropy in a password matter more than rules like "at least one uppercase letter, one lowercase letter, a number, and a symbol".
    http://www.cs.umd.edu/~jkatz/security/downloads/passwords_revealed-weir.pdf

    I think I'll believe the security experts over T-Mobile's security decisions.

  • snn555
    Bandwidth Buff

    I can't agree with that at all, but nonetheless that's just my opinion.

    You could do like I do and get two-factor authentication so that once you log in you have to get a text sent to your device that you enter in the code. There is extra security there. After all, if they don't have your device they don't get the text message.

  • torqued
    Newbie Caller

    T-Mobile is way behind the times on this. It used to be best practice to change your password every few months to prevent someone from being able to repeatedly try to log in as you, with a new password guess each time. Now, it's considered significantly more risky to force a password change frequently because it increases the risk that people will write the password down somewhere like a notepad near the keyboard or a sticky note in the wallet. Unfortunately, T-Mobile's idea of security is to irritate enough customers that they leave for other providers, thus reducing their risk.

  • snn555
    Bandwidth Buff

    Well, other than for security reasons, it's just good practice. With as many wireless accounts as there are being hacked into, with people's information being stolen and accounts being changed, it's somewhat important to have an updated password as well as account verification PIN numbers.

    Nonetheless, this is a standard industry practice and there is no way to opt out of it.