Forum Discussion
Forced to reset my password
Why does T Mobile's website force you to reset your password every couple of months!? When banking institutions who actually MANAGE YOUR MONEY leave you in peace, it's crazy for a phone compa...
Well other than for security reasons it's just good practice. With as many Wireless account as there are being hacked into with people's information being stolen and accounts being changed it's somewhat important to have an updated password as well as account verification PIN numbers.
nonetheless this is a standard industry practice and there is no way to opt out of it.
From the National Institute of Standards & Technology’s Password Guidelines, literally guideline #2:
2. Eliminate Periodic Resets
Many companies ask their users to reset their passwords every few months, thinking that any unauthorized person who obtained a user's password will soon be locked out. However, frequent password changes can actually make security worse.
It's difficult enough to remember one good password a year. And since users often have numerous passwords to remember already, they often resort to changing their passwords in predictable patterns, such as adding a single character to the end of their last password or replacing a letter with a symbol that looks like it (such as $ instead of S).
So if an attacker already knows a user’s previous password, it won’t be difficult to crack the new one. The NIST guidelines state that periodic password-change requirements should be removed for this reason.
