Forced Password Change


Userlevel 1

This is absolutely idiotic. This protects no one. All it does is off your customer base. When a password has to be changed often, it will be in the least painful way. This is usually by adding another number or character to the end of the password. What services does this actually do to protect my account from fraud? None! Why? The fraud happens at the corporate level. For the few times that I have had fraudulent activity it was because *insert big name* was hacked. I was a victim of Equifax and Target hacks. Forcing me to change my password to check my bill/plan is just stupid.

 

I don't care for a response and I don't blame the mods. Just make sure the message reaches the executives because right now they look like a bunch of jackasses.


10 replies

Userlevel 5

It's kind of difficult as a community member to see a post and not respond to it even if the poster doesn't request or demands no request.

Well, here's the thing about changing a password on a regular basis. A lot of websites all over the Internet get hacked. Some passwords are revealed, others are not. Those websites aren't going to contact every single person. Also, a lot of those accounts you may not even use anymore. They could have been one-time logins and you never returned, so you would never know. So after a certain amount of time passes by, whenever you try to log back into some sites or accounts you'll be asked to change your password because that account has been disabled until you do so. You should be doing this on a regular basis anyway, but at least if the password has been compromised you are being asked to change the password.

Userlevel 1

Get rid of this stupid option. I have a password; if I want to change it, I will on my own.

YES. Beyond stupid. I fully agree with the first note. Don’t care about the poor folks having to work for such a stupid company. But, asking for execs to make a change… peons like us don’t matter.

They blindly invoke very general security protocols, without basis; proves their security team is lazy and over-paid; forcing people to change passwords, especially though they have no history of issue, “just because” they’ve had it a long time, is very ignorant protocol invoked by too many. It forces people to “write down” passwords and keep lists of which passwords, which sites. That is A HUGE security threat which is created by forcing people to change their passwords; IDIOTS! And, even more stupid on websites, companies, where the biggest threat is that they can log in and pay my bill for me!!!!

Userlevel 1

This isn't about the security team being lazy, this is more about the security team being bad at what they do. It has been shown over and over that forcing password changes is LESS secure.

For anyone that wants to hack someone's T-Mobile account, it is really easy, all you need to do is get access to their desks or wherever they store their passwords for accounts like this. Usually a Post-it note on their desk. If you are lucky you can get it from a selfie at their desk with it accidentally in the background.

T-Mobile needs to accept, acknowledge they were wrong to force all users to change their passwords, to adopt archaic, ignorant, password security policies which have been confirmed and published as such by Federal Security experts. I want to use my former password that meets all guidelines, I know by heart (do not need to write or save anywhere except my own brain), and so no one else knows it either. That’s as secure as any User should be held responsible for. - dang T-Mobile Internet Security (website) personnel should be ashamed for being ignorant, lazy, bad at what they do, and especially for refusing to admit it,

Even Microsoft has admitted that expiring passwords is counterproductive. T-Mobile, please leave our secure passwords alone!

Userlevel 1

I really hate this. Yet again here is evidence that T-Mobile doesn’t really care to make policies that protect users and user experience. This is about liability and compromise on resources to build proper security measures. Why is there no proper 2FA? The password change is an annoyance for users, but tolerable for T-Mobile so that in a class action courtroom they would be able to claim they had strict security measures.

Let us stick our votes together in protest of the idiotic policy of unlimited password change requests. Such a policy is just a sign that T-Mobile does not care about the security facts, not to mention our unpleasant experience of forced password changes. Similar complaints are a year or more old and nothing has been made to answer positively. Today’s one has been made on May 1st, 2022 and let us see when T-Mobile will respond, if ever at all.

Badge

Google "have you been pwned". There are several Video Pod case on this useful weblink.

As far as security goes, I have no complaints since I created a password manager some time ago. On one account has a password I used on other account.

On 02/28/2024, I signed in on T-Mobile to pay my home 5G internet, and hotspot on one account. I entered my EMAIL, Password, and the six-digit code sent to my EMAIL, to sign in. The two-step process is good protection.

T-Mobile forced me to change the password that I have been using for over two years. A message on the web page I saw “we found your password compromised from a server outside of T-MOBILE” on the webpage.

I changed the password, paid the bill, and received three T-Mobile EMAILs after the payment was made. One EMAIL on the password change, and two on the payment.
