Changing Passwords

[kaneohe]

What is your experience changing passwords (not necessarily at this site).
Today I changed passwords at a couple of sites but was not able to log in to those sites some minutes or hrs later with both the new and old passwords. Some months earlier , I changed the password on yahoo mail but wasn't able to log in with the new password until the next AM. Is there normally some period or cycle that has to be passed before the new password is effective? but the old password is cancelled immediately?

 

[braumeister]

It depends on the site and its standard practices. Sometimes it's immediate, sometimes it takes overnight, or somewhere in between.

Sometimes you can have this problem and overcome it by simply clearing your browser's cache. There may be on old cookie from the site that needs to be updated.

Incidentally, I've noticed that some of my password sites have recently been strengthening their requirements. 15 characters or more, with mixed upper/lower case letters, numbers and special symbols seems to be the new normal. Another reason to use a good password manager.

 

[target2019]

What is your experience changing passwords (not necessarily at this site).
Today I changed passwords at a couple of sites but was not able to log in to those sites some minutes or hrs later with both the new and old passwords. Some months earlier , I changed the password on yahoo mail but wasn't able to log in with the new password until the next AM. Is there normally some period or cycle that has to be passed before the new password is effective? but the old password is cancelled immediately?

Every system is different, so you can't generalize experiences with passwords. Yahoo may have safeguards. For instance, many sites now will alert your phone if a password changes. But is not implemented the same way on every site.

You absolutely should not be locked out, with neither old or new password working. Did you reboot and try again?

Yahoo has always been slow in mail delivery, in my opinion. It is not my first choice for critical mail for that reason.

 

[kaneohe]

target and braumeister........appreciate very much your quick responses......and the tip about the cache. Makes me feel more optimistic that things might work out and that nothing sinister is happening. Was able to get Groupon to work by saying I forgot the password and then reset and worked immediately........why it didn't do that the first time is beyond me.

Hope I can remember the cache tip in the future.......and will try on the other one that failed next.

Thanks again.

 

[lemming]

What I hate is the lost your password recovery. They unlock the door for you You usually just need a # or info that could be found on a stolen piece of mail and an email address.

 

[RunningBum]

It's also possible that you changed your password but not to what you think it was. Maybe you thought you were changing it to abcd but really typed abce.

 

[mickeyd]

My Hotmail account requires me to change the PW every 72 days. It also asks me it I want to do it for the next 72 days after I change it. I had a bit of trouble in the past with someone using my account improperly and decided to take this easy measure to eliminate the problem. So far, so good.

 

[W2R]

Never had a problem.

My main password problem is that if I don't use an account for, say, a year or so, the password doesn't work any more and I have to send off an e-mail to have it changed. For some reason I find that to be so annoying.

 

[growing_older]

Password changes should be automatic and immediate. I have never had a site require me to delay login after I changed a password. I have occasionally mistyped a password, but never had a site require me to wait before using a new password.

 

[kaneohe]

Again, thanks to all for your comments/experiences. Update is that I finally have changed passwords successfully to the 2 sites. In both cases, it was after I gave up and hit the "forgot my password" link. Then I got sent an e-mail to reset password and input new one. Worked immediately afterwards.

So only remaining mystery why I was not successful seemingly doing the change myself by logging on w/ old password, requesting change, inputting new password twice, then hitting the change password button.

Can going the "forgot my password" link method somehow change my cache even tho I don't do it myself? Sometimes, you're happy just to have the dang thing work and don't really care anymore but it's not a very satisfying feeling for the next time................

 

[braumeister]

I have read more than once that the most common error people make is putting in a new password with the caps lock key activated and not realizing it. Then when they try to use their new password the next time, it doesn't match.

 

[veremchuka]

I never changed any password where it wasn't immediately in effect.

Some people change passwords every X days for security reasons and that's not a bad idea if you feel better doing that. I don't do that.

I have very difficult userids and passwords for anything where security is required. For example for Vanguard my userid would be mI9&Ap3* and my password would be K4d*Hb1%L9 and when they expand the password length (supposed to be this summer) I'll add as many characters as they up it to. These userids and passwords are meaningless and can't be remembered so I use a password vault to store them. The password to the vault is very long and is a series of phrases where I use the 1st letter of each word and dates associated with the phrases. This creates a secure master password that I can easily remember. Due to the complexity of these stored userids and passwords I don't change them. I have 3 backups stored off the pc of the password vault... just in case.

 

[kaneohe]

I have read more than once that the most common error people make is putting in a new password with the caps lock key activated and not realizing it. Then when they try to use their new password the next time, it doesn't match.

can never be sure of anything so that's an interesting possibility. still don't think that was it bc the e-mail address was asked for and you can see what you are typing there; not so w/ password but that follows immediately after the e-mail so unlikely the CAPS would have been on this AM.

 

[HighRoller]

I never changed any password where it wasn't immediately in effect.

Same here.

 

[sengsational]

I use LastPass and it picks gibberish passwords for me. I don't know them and I don't even look at them. Usually when I'm forced into a password change, LastPass recognizes the screen and offers up a gibberish password, I say yes, and then it asks if I want to replace the old one and I say yes. Done. The free one works on web browsers and you pay $12 if you want to use it on your mobile device.

To direct this slightly toward's the OP's question and in relation to typing "abcd" vs "abce" as an explanation of why you can't log on with a newly created password, if you have a password manager or use copy/paste you can eliminate that problem.

One experience that my megacorp has sometimes, and this is a behind the scenes view, since I'm the one running the eCommerce site, is that we have two systems...the application side and the security side. There are plenty of times when the applications are up, and the authentication works, but the new password stuff is not quite up to snuff at the moment. So, the application sees it's time for you to change password, and directs you off a cliff, hehe. Not saying it happens a lot, but it does happen.

 

[harley]

My Hotmail account requires me to change the PW every 72 days. It also asks me it I want to do it for the next 72 days after I change it. I had a bit of trouble in the past with someone using my account improperly and decided to take this easy measure to eliminate the problem. So far, so good.

That's weird, I've had the same password on my hotmail account for 16 years. I wonder if I'm grandfathered in or something.

 

[kaneohe]

another datapoint.........changed password on Living Social.....the one that got hacked and started this whole thing.......got the e-mail after asking for a reset ,
changed password which was accepted, but was not able to login twice when trying immediately after the change. Waited a few hrs, then logged in successfully w/o clearing cache so still don't know what would have happened if I had done the cache clearing immediately after making change.