password change

  • 24 July 2020
  • 3 replies
  • 125 views

Badge

I am not sure what the current policy is in terms of time, but the forced change of password every so many months is not only annoying but useless.  That has been attested to by many customers on these threads, but also by others in the field.  (https://arstechnica.com/information-technology/2016/08/frequent-password-changes-are-the-enemy-of-security-ftc-technologist-says/#:~:text=Frequent%20password%20changes%20do%20little,was%20happy%20to%20provide%20it.)  I have only had T-Mobile a few years but have been forced to change passwords many times.  And then the inevitable “cannot use recently used password” which prompts most people to add a character or number.  This is not secure.  Add to that the frustration of forgetting the slight change (we have dozens of accounts these days! They can’t all be the same one or two passwords!) and then we are forced to change it YET AGAIN, and possibly repeat this cycle the following month.  Have as part of the agreement that if the customer doesn’t change their own password a certain number of times any hacking of their account is on them.  Let us decide when and how often we change it.  The uselessness of it seems to indicate that either T-Mobile doesn’t know how useless it is, or is only doing it for some sort of legal protection.  And the byproduct is customer frustration.


3 replies

Badge

and another article, by the FTC
https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes

Badge

T-Mobile, I tried paying my bill a few days ago, but got stuck on your forced password change and was locked out of my account.  The following day I was out of town and busy from morning to night.  The reason my bill was paid two days late is because of your stupid forced password change. Even today my security questions don’t work, so I authenticated to this message board via SMS.  (Why do I need to authenticate when already logged into https://my.t-mobile.com ?  Is it a technical issue or is this board hosted by Fort Knox?)

My litmus test for these things is the big banks.  If banks like JP Morgan Chase don’t require regular password changes, then why are you so special?  While in some books it may be a “best practice”, it’s also an easy way to annoy customers.  And my password was already very, very long.

While I’m at it, how about an option to let customers see what they’re typing when both setting up and later entering answers to security questions?  And asking users to enter their answers twice?  This would also save a little frustration.

I am hoping you take this thread and others like it into consideration before the next password change comes around.  Anyone who goes through the trouble of posting here should be taken seriously.

Badge

I just add FUCKTMOBILE to the end of my password.
