When will the password changing pestilence stop?

[larksyrm]

I was reminded once again this weekend that changing your password on a regular basis is nothing for the faint of heart. It took me about 4h+ and i still need to change password in a few apps ;-)

The same procedure took me about 4sec+ on my Android devices since i only had to do it at ONE location instead of doing it in every single app.

Is there any plans for Microsoft to have the same concept in regards of account management?

OK, ill stop nagging now...

BR,
Johannes

 

[Nerdy Woman]

Wow. I only received that message once and ignored it. Went to my computer to verify the login there was still the same (since I use the same MS ID on both devices).

The reason you could change it in 4 seconds on your Android is a password storage folder? You might want to run a search on android password security risk and see the kinds of websites that show up in the results -- hackers' paradise.

As for repeated reminders, on your computer, go to outlook.com or live.com, log in using the same ID you use on your phone, and then click on your name in the upper right corner and select Account settings. From the menu on the left, select Security & Password, then Change Password. Is the checkbox at the bottom checked, requiring you to change your password every 72 days???

 

[larksyrm]

I change ALL my passwords on a regular basis, at least once every two weeks. On my android devices i have my Google & Microsoft ID's in the account management and ALL (well, almost all) apps use the central account, so all i have to do is change the account in the Android Settings.

In Windows Phone it does not work the same way, and hey some apps even have their own proprietary system which exposes my password to the third party developer, this is NOT ok at all but i have a few apps that works this way. Hey, im not even sure my Instagram-client uses the official API's either since it is disguised in its own forms.

I would actually say that Androids way of doing it is much better since it makes it easier for users to have a frequent schedule for changing their passwords. If you have to spend hours to re-authorize all you apps you wont change them at all.

Best Regards,
​Johannes

 

[Nerdy Woman]

I used to change passwords much more frequently, but with Microsoft showing me recent activity in my account settings, I don't worry so much anymore. I can count 8 or 9 occasions in the past year when someone attempted (unsuccessfully) to log in to my MS ID. All successful log ins were from my IP.

If you are really concerned, you might check out the two-step authenticator. Given Android's security vulnerabilities, I can understand changing passwords there. Case in point was the recent Heartbleed virus: Microsoft servers weren't affected because they don't run Apache servers.

 

[larksyrm]

I think i was a little bit unclear in my initial post, i still think it is stupid to scare off users by creating a security framework that discourages frequent password changes. It IS a PITA to change your passwords on WP and that do scare off many users and it really annoys me since i actually do change my passwords frequently ;-)

Well, the different platforms works differently, but as i said it is really scaring people off by having to login to every single app each time you either change your passwords or do a hard reset.

BR,
Johannes

 

[RuleOfSines]

I actually prefer to have to change each app individually myself. If I change my password because I may be concerned about who/what is using it, I want everything that was using those credentials to fail. Then I can decide on a case-by-case whether or not I actually want to reactivate that particular app.

 

[TechFreak1]

Well it is generally best security practice to have different passwords for different accounts and apps, this way if any of the accounts are hacked (or the servers holding such data is hacked) they don't have access to your other accounts and data.