Mirage
Copper Contributor
Dec 04, 2024

Trouble Updating Password

Making note of a very frustrating issue I've been dealing with for, as best as I can recall, at least a year.

 

I flag my account to force a password update every 72 days. On the magical day, and I'm not sure why, everything falls apart. Today, I experienced this and want to outline the scenario.

 

Tried signing into Outlook web via Chrome on a PC and was told I needed to update my password. Typed the new password twice (top box and lower box) and was told "The new password must be different from the old password." I can assure you, this password was not only different than my old password, it was also different than any password I've ever used before. With this, I am unable to update my password.

 

I tried resetting from a different device in Chrome and received the same message and error.

 

Back on the PC, I tried the process in Edge and had the same issue - was told "The new password must be different from the old password."

 

Tried using the "Forgot Password" option (although I knew my existing (or old) password) and was told to enter my 2FA code.  I entered that and was told "There is a temporary disruption in this service.  Please try again later."

 

All the while, my phone is still pulling in emails and OneDrive claims to be connected.  Killed Phone Link, killed OneDrive, tested again and still was unable to update my password.

 

In the end, I had to use the "Forgot Password" option and click "Use Other Method" to bypass 2FA and use my backup email to receive the code.

 

I make mention of this because I've been having this issue, every 72 days, for a long time now and, when I search for a solution, I find other posts about this that are years old. I do believe this is a bug in the setting for having the system force us to update our password every 72 days. Moving forward, my plan is to set a recurring reminder to reset the password every 90 days or so and bypass this 72-day "feature" for my MSFT account.

 

Just providing the details of the issue and my workaround in case this helps someone else and helps to bring the issue to the attention of those on the inside in case a solution can be developed down the road.

 

Thanks,

 

Mirage

 

 

3 Replies

  • kyazaferr
    Steel Contributor
    1. Check Service Health:
      • Monitor the Azure AD Service Health (if part of an organization) or Microsoft Account status page for known issues during password reset attempts.
    2. Reset Password from Portal:
      • Instead of relying on prompted updates, proactively update your password directly from:
        • Microsoft 365 portal (work account).
        • Account security settings (personal account).
    3. Enable Passwordless Authentication:
      • Consider moving to passwordless options, like Microsoft Authenticator or Windows Hello, for seamless access without relying on periodic password updates.
  • kyazaferr
    Steel Contributor

    1. Clear Cached Credentials

    • On the devices where you attempt the password update:
      • Clear browser cache: Ensure that the old authentication cookies and tokens are cleared.
      • Sign out from all sessions: Use the option to sign out from all devices in your Microsoft account or organization portal to eliminate cached credential conflicts.

    2. Use InPrivate/Incognito Mode

    • Always initiate password changes from a private/incognito browser session. This avoids interference from saved or cached data in your primary session.

    3. Investigate Security Policies

    • Check with your organization’s IT department (or review your account settings) to:
      • Validate the password policy, especially the password history retention settings.
      • Ensure there's no discrepancy in the number of previously used passwords stored and compared.

    4. Temporary 2FA Disruption

    • Use backup authentication methods as you did, but report the 2FA service issue through Microsoft’s feedback channels:
      • Open a ticket with Microsoft Support if it affects your productivity regularly.
      • Enable additional backup methods (e.g., hardware tokens, authenticator app) to reduce reliance on email for bypasses.

    5. Automate Password Reminders

    • If the 72-day reset mechanism isn’t working smoothly, set up a manual reset cycle. You can automate reminders via calendar or task scheduling tools.
  • kyazaferr
    Steel Contributor
    1. "The new password must be different from the old password" Error:
      • This message often stems from password history enforcement in your organization’s or account’s security policy. Even though the password you selected is genuinely new, there could be an issue with:
        • Stale cache: Session-related credentials could interfere during the update.
        • Validation glitch: A server-side problem with the password comparison logic.
    2. 2FA and "Temporary Disruption":
      • This error suggests a possible problem with your account's authentication services (e.g., Azure AD, Microsoft Account backend) during peak times or server-side interruptions.
      • Backup authentication methods worked, but the primary flow failed, which points to specific service-level instability during password resets.
    3. Device-Specific Behavior:
      • The fact that your phone continued syncing emails and OneDrive remained connected implies that your old session tokens and app-specific passwords were still valid until the password change was completed.
