Bob_Zimmerman
Advisor

Forced password reset?

I tried to log in to the forum earlier and was told my password had expired and needed to be reset. I don't think I've ever seen that before. The only sane reason I know of to force users to reset passwords is a suspected breach of an authentication database. NIST SP 800-63B 5.1.1.2: "Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator."

I use a randomly-generated password for my User Center account, not shared with anything else, and I don't see it in HaveIBeenPwned, so why the forced reset?

0 Kudos
4 Replies
_Val_
Admin

We are not aware of any forced reset. Passwords in UserCenter have validity for one year, AFAIK. Also, make sure you are using 2FA.

0 Kudos
Bob_Zimmerman
Advisor

I have a couple of accounts, with one coming up on ten years old. I don't think I've ever had to reset its password. Definitely not since 2015. Very odd.

0 Kudos
Bob_Zimmerman
Advisor

I just got a forced reset again. One of my other accounts passed the decade mark, and it's still using the same password.

I'll see what I can find out from Account Services.

0 Kudos
PhoneBoy
Admin

The CheckMates team doesn't have visibility into UserCenter accounts beyond the minimum information required to associate it with a community account.
That includes things like password resets.
Account Services would have to be consulted. 

0 Kudos