Forum Discussion
Solved
Changing password every 60 days is a terrible policy
I recently log into my.t-mobile site and have to change my password due to this new policy. This new policy is terrible due to multiple reasons. Anyone who is current on IT security should know that changing your new secured/selected password to something new randomly causes more trouble than its worth. User can't remember these new things every 60 days if you create a secure combination for your password.
I don't log in to t-mobile every day to see/change things. If you cannot secure my password in the first place, it's not our faults. Don't force us to change ours to cover your problem.
Hey, @timph! I heard back from our contact who owns the content around the password change process; and was advised firmly that as the system stands, password changes should only be required once a year -- though as best practice we recommend changing them more frequently. I know this conflicts with what you saw, so while I wish i could explain the difference, I'm sorry to say I'm not able to speak to that.
@scott523, in this case, that means that you were able to use the same password for longer than designed before the update prompt, which I believe is because this policy wasn't implemented when your account was initially started -- after reviewing revisions to our documents, it looks like the Prompted to change your password section was added at the beginning of this year.
Reset your T-Mobile ID password has been updated to call out the yearly password change requirement in the Prompted to change your password section, and I'm also adding the feedback that we include the password recycling rule in the requirements section as well -- hopefully that will be OK with our content folks!
Thank you again very much again for your feedback around this. I know that adding an extra step to your day by having to create a new password with some relatively stringent requirements compared to other sites isn't fun, but at least we can confirm that this shouldn't happen frequently. If it does; please let us know.
I think it's a bunch of BullSh*t if you ask me. what do i care if someone hacks my Tmobile account?? Hopefully, they pay the bill because I don't see them getting much of anything else. Not Like I'm responsible either.
I'm just tired of being asked to change my password, then the very next time I try to log in, it tells me my password is incorrect. Then, i have to go through the steps to change it, but tells me I can't use the password I used before when it just told me my password was incorrect????? wtf! (How do i go from wrong Password to, Oh, you cant use the same password) honestly, don't think you are protecting me, but themselves. Please leave my password alone!
I have been forced to change my "my t-mobile" password twice this year, six months apart, June 2018 and today. I can show you the confirmation emails. Each time the system said it was because my password was "too old". It was not by choice. Also, the list of acceptable password characters is too short.
I understand what y'all are saying, but the original post was in regards to a POLICY which requires frequent password changes. If you are trying to log in and are prompted to change your password more than once per year, this warrants a trouble ticket to be filed with engineering.
the worst part about this that there's comment after comment with people saying their being asked to change their passwords multiple times in a year, and this isn't the only forum I've seen it. and the customer service response seems to be nah-ah. At some point you'd think they'd say "hmmmm we've received multiple complaints that we are forcing passwords changes every few months, maybe we have an issue" but not t-mobile.
This is a load of crap, there's NO WAY it's been a year since you made me change my password. I've had to change it 3 times this year. My phone needs to be replaced so I think it's time I start shopping around for a new service provider. It's bad enough you jackasses are making me change my password every few months but to have your reps come on hear and lie about the frequency is just too much. Like we aren't going to know we've had to change are passwords at least 3 times in 2018 alone. pathetic.
Just because they don't say it's their policy doesn't mean it isn't. I've been FORCED to change my password several times this year.
You are spot on with this reply. Tmobile has an extremely frustrating password process. You'd think that since they aren't the best service in terms of quality, they'd make up for it in the way they treat their customers.
This is not T-Mobile policy. They require the passwords to be updated annually, not every 60 days.
This policy:
- increases the friction for users to pay their bills (brilliant business move t-mobile...)
- is super insecure
- is frustrating and annoying (Project Fi looks better every day)
Please consider hiring a more knowledgeable security expert to make these policy decisions.
If you want to reuse a previous password, you'll need to change your password five times, then change it to your previous password on the sixth change. T-Mobile stores the past five passwords, and doesn't allow you to reuse any of them.
