User Profile
Matthew
Newbie Caller
Joined 4 years ago
User Widgets
Contribuciones
Re: Forced to reset my password
snn555 wrote: Well other than for security reasons it's just good practice. With as many Wireless account as there are being hacked into with people's information being stolen and accounts being changed it's somewhat important to have an updated password as well as account verification PIN numbers. nonetheless this is a standard industry practice and there is no way to opt out of it. The correct forced password change interval is *never*. This is a bad, bad policy and I can't believe T-Mobile is sticking to its guns on this. Changing a password that is not known to be compromised does NOT improve security, and on the contrary, only forces frustrated users to choose simpler, less secure passwords--or even worse, re-use them.18Visto1like0ComentariosRe: Changing password every 60 days is a terrible policy
tmo_marissa wrote: Hey,@timph! I heard back from our contact who owns the content around the password change process; and was advised firmly that as the system stands, password changes should only be required once a year -- though as best practice we recommend changing them more frequently. I know this conflicts with what you saw, so while I wish i could explain the difference, I'm sorry to say I'm not able to speak to that. @scott523, in this case, that means that you were able to use the same password for longer than designed before the update prompt, which I believe is because this policy wasn't implemented when your account was initially started -- after reviewing revisions to our documents, it looks like the Prompted to change your password section was added at the beginning of this year. Reset your T-Mobile ID password has been updated to call out the yearly password change requirement in the Prompted to change your password section, and I'm also adding the feedback that we include the password recycling rule in the requirements section as well -- hopefully that will be OK with our content folks! Thank you again very much again for your feedback around this. I know that adding an extra step to your day by having to create a new password with some relatively stringent requirements compared to other sites isn't fun, but at least we can confirm that this shouldn't happen frequently. If it does; please let us know. The correct forced password change interval is *never*. This is a bad, bad policy and I can't believe T-Mobile is sticking to its guns on this. Changing a password that is not known to be compromised does NOT improve security, and on the contrary, only forces frustrated users to choose simpler, less secure passwords--or even worse, re-use them.8Visto1like0Comentarios