-1

Password policy conflicts with rights of disabled people

Matthew Lopes

March 14, 2024 19:02

None

Follow

I have brain damage and cannot use a site that forces me to update my password every year. I simply do not have the memory capacity for that sort of thing. 

While I'm not clear about what the federal laws of the USA require, I'm quite sure that "reasonable accommodations" for disabled people are part of the law for institutions both public and private.

As an information technology consultant, I can tell you that your password policy is not only offensive, but completely ineffective as there's no significant risk mitigation offered by that policy. A hacker can get a new password just as easily as they got the old one.

Please update your policy to reflect the rights of disabled Americans, many of whom are angry war veterans, like myself. As an industry expert, I can make things much more difficult for you if this request is ignored.

2 comments

• 
  Geni Customer Support March 20, 2024 21:45 Official comment

  Hi Matthew, thank you for bringing this to our attention.  We do feel that regularly changing your password is an important component in an effective password policy, in order to combat "credential stuffing" attacks.  That said, we are willing to make reasonable accommodations and as such, we have exempted your account from the annual password reset mechanism.

   

• 0
  
  Geni Support Team March 19, 2024 20:33

  Hi Matthew, thank you for contacting us with this concern. Please know we are investigating how we may be able to accommodate your request.