Security and Authentication

Turn off password expiration for

Get rid of the expiration on passwords on MyUSPTO -- a good password that isn't reused across multiple platforms can be permanent.


Is this solving a genuine and identifiable problem? No. Is there any conceivable way that a bad guy could get into and, for example, expropriate money from one of the credit cards? NO!!! The only payee is the USPTO! Nobody's going to hack into a MyUSPTO account when he/she can't take money out, and the only possibility is to give money to the PTO! Get real! Passwords have to be coordinated among all legal assistants -- the communication creates a bigger risk than any perceived risk that might be attenuated.


If banks don't use expiring passwords when there's a real risk of stealing real money (and the bank is the party at risk), how can it make sense for expiring passwords on MyUSPTO?


Because of this dumb idea, I now have my MyUSPTO password on a sticky stuck to my computer -- a big breach of security. It's the ONLY password I need to do this with, because USPTO is the only organization that is simultaneously uninformed about actual security practices, and customer-unfriendly, enough to have expiring passwords.


Researchers have generally called into question the merit of password expiration. See: And


These papers are cited on an FTC web page titled “Time to rethink mandatory password changes” by a person having the title “Chief Technologist”. See:


David Boundy



21 votes
21 up votes
0 down votes
Idea No. 173