Plex appears to have invalidated (session) tokens. When I tried to follow the stated Plex advice and change my password, the form showed a generic message about invalid tokens.
As a workaround, I manually deleted my browser cookies and triggered a fresh password reset link.
Please:
- Ignore token cookies when processing password reset forms.
- Explicitly recommend deleting plex.tv domain Web browser cookies.
Also, default, modern, secure Proton memorable passwords are rejected by Plex’s password create/update forms.
NIST hasn’t recommended depending on special characters for secure passwords for some time now. The current recommendation is to emphasize the length of the password.
Please:
- Encourage longer passwords.
- Relax antiquated complexity requirements about any specific classes of character ranges (special characters, punctuations, casing, etc.)
https://www.hipaajournal.com/nist-password-guidelines-update-2024/
