Broadcom Customer Care

In order to protect Broadcom's IP and to improve security for our customers, starting from April 17th, 2020 the account password requirements will be changing.
At present below are the password configuration requirements for Broadcom User account:
• A password must be of least 8 characters.
• A password must have a lowercase letter.
• A password must have an uppercase letter.
• A password must not have any parts of the username.

As per new changes, a user's account password will be set to expire every 90 days and will require a reset before continuing to access their accounts. During resetting the password, a user cannot reuse the previously used 10 passwords.

Change Summary:
• Account Password Expiration – Every 90 days.
• Cannot reuse previously used 10 passwords when resetting.
• System will send "Password Expiration" notification informing users via their email.

Click here for more details and if you need any help, please contact Customer Care Team by submitting your request using Customer Care Webform.

------------------------------
Regards, 
Heena Tabassum
Customer Care Community Admin
Broadcom
------------------------------

Hello,
Another help added to the ease of two-factor authentication. I have not found this level of security in any software provider. Not even my bank. I feel almost so happy and safe as Symantec customers.
Regards.
Original Message:
Sent: 04-13-2020 02:54 PM
From: Heena Tabassum
Subject: Broadcom Account Password Restriction Changes

In order to protect Broadcom's IP and to improve security for our customers, starting from April 17th, 2020 the account password requirements will be changing.
At present below are the password configuration requirements for Broadcom User account:
• A password must be of least 8 characters.
• A password must have a lowercase letter.
• A password must have an uppercase letter.
• A password must not have any parts of the username.

As per new changes, a user's account password will be set to expire every 90 days and will require a reset before continuing to access their accounts. During resetting the password, a user cannot reuse the previously used 10 passwords.

Change Summary:
• Account Password Expiration – Every 90 days.
• Cannot reuse previously used 10 passwords when resetting.
• System will send "Password Expiration" notification informing users via their email.

Click here for more details and if you need any help, please contact Customer Care Team by submitting your request using Customer Care Webform.

------------------------------
Regards,
Heena Tabassum
Customer Care Community Admin
Broadcom
------------------------------

Dear Broadcom.

NIST, Microsoft, BSI, Apple and ​virtually everyone of rank in the IT world has updated their policies over the last several years to say that what you are implementing here under the guise of "security" is actually harmful to security. Enforced expiration is next to useless, enforced complexity only encourages cheap pattern passwords that no software can prevent. And the guy who came up with the password rotation pragma essentially appologized for it. This all should have been very straight-forward to google.

Here's just a random result from Google that neatly summarizes the guidelines of the US authority on this stuff:
https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/

And here's the authoritative source:

https://pages.nist.gov/800-63-3/sp800-63b.html#sec5

What you are about to implement are security guidelines of the last century (and it wasn't much common sense already back then to most people), and quite frankly it looks the part. You seem hell-bent on invonciniencing your user base, and your contributors any way you possibly can. I would ask you to reconsider if I had any hope a company would listen. Alas, I am just stating this as is.

Thank you.