Forum Discussion
Changing password every 60 days is a terrible policy
I recently log into my.t-mobile site and have to change my password due to this new policy. This new policy is terrible due to multiple reasons. Anyone who is current on IT security should know t...
¡Hola, @timph! I heard back from our contact who owns the content around the password change process; and was advised firmly that as the system stands, password changes should only be obligatorio once a year -- though as best practice we recommend changing them more frequently. I know this conflicts with what you saw, so while I wish i could explain the difference, I'm sorry to say I'm not able to speak to that.
@scott523, in this case, that means that you were able to use the same password for longer than designed before the update prompt, which I believe is because this policy wasn't implemented when your account was initially started -- after reviewing revisions to our documents, it looks like the Prompted to change your password section was added at the beginning of this year.
Restablece la contraseña de tu ID de T-Mobile has been updated to call out the yearly password change requirement in the Prompted to change your password section, and I'm also adding the feedback that we include the password recycling rule in the requirements section as well -- hopefully that will be OK with our content folks!
Thank you again very much again for your feedback around this. I know that adding an extra step to your day by having to create a new password with some relatively stringent requirements compared to other sites isn't fun, but at least we can confirm that this shouldn't happen frequently. If it does; please let us know.
Marissa, I appreciate you trying to troubleshoot this issue but I think you’re going the wrong way on this matter.
The issue is when a user hasn't changed their password in many months, the system forces the user to change their password upon logging in. So your screenshots are useless because it'll only happen after logging in. You probably won't get a screenshot from us unless someone didn't change their password yet. Maybe IT should just make an account with an old password and try it for themselves...
This also happened to me (just a normal postpaid customer) and I must admit that I haven't changed my password since I joined T-Mobile. Forcing to change an old password at a government level may be reasonable but at a services/utilities level(?), it maybe a bit overkill and a nuisance like the other original poster is getting at.
