top | item 587256

Ask PG: What if I forget my password?

29 points| csomar | 17 years ago | reply

I tried to log today (just by now), but I forgot my password, I even forgot if I had signed a simple account or using the click pass (i finally logged by trying the different signs up and the Google one worked for me).

I wander why HN don't implement a simple Passowrd recovery application, that let you recover your password using your username and send you the password reset to email.

Or what if I did forget my pass??

45 comments

[+] paulgb|17 years ago|reply

I know it doesn't solve the problem now, but if you worry about forgetting passwords, SuperGenPass is a pretty good solution: http://supergenpass.com/

(I have not involvement with that site except as a user, but it's one of those things that I feel compelled to plug because it has made my life so much easier.)

[+] tezza|17 years ago|reply

Thanks paulgb, useful link

This topic has come up many times on Slashdot... I'll share my digest of interesting link

Pronouncable Passwords :: http://www.multicians.org/thvv/gpw.html :: generate a memorable basis point, add unique randomness on top. Very good for teams where the secret 'salt' is shared, but you can remind teammates which password is used verbally

Keepass :: http://keepass.info/ :: Self encrypting db with GUI tools

Diceware :: http://world.std.com/~reinhold/diceware.html :: offline strong password generator

[+] superchink|17 years ago|reply

Or for any losers on OS X, I highly recommend 1Password: http://agilewebsolutions.com/products/1Password

It stores an encrypted DB accessible via a master password, and it works great with something like DropBox if you use multiple machines. It also works w/ multiple logins per site.

[+] mattmaroon|17 years ago|reply

Kind of a tough problem since you don't give an email address when you sign up. You just pick a username and password. I can't really think of a reasonably secure way to deliver a new password in that scenario.

[+] unknown|17 years ago|reply

[deleted]

[+] pg|17 years ago|reply

It isn't that common. If it becomes more common I'll write something for it.

[+] zellynhunter|17 years ago|reply

How do you know whether it's common or not? I've sat there several times trying to remember my password, remember whether I used Clickpass or not, etc. Finally, I just decide it's not worth commenting, and close the browser tab. (Posting under newly created account because I still can't figure out my old account's password.)

[+] geuis|17 years ago|reply

pg, can you personally help this fellow out? Its such as a rare occurrence, like you said, and its always good to be able to retrieve your account. I lost at least 2 accounts on Digg over the years(before I stopped using it) and was never able to retrieve them.

[+] tialys|17 years ago|reply

About 3 weeks ago, I got so irritated with trying to log in from time to time that I sat down for about an hour and tested every fat-finger combination of the password I used that I could think of. I took me about 40 tries, but I finally found that I'd hit a letter twice (somehow in both fields!). I really wanted to keep everything under my account, so I wasn't going to just make a new account, but it frustrated me to no end that I couldn't just reset my password and move on. Since finding my password, I've changed it to something else, but also added an openid account, so on the rare chance this happens again, hopefully I won't be left out in the cold.

[+] tjic|17 years ago|reply

It's happened to me. I had to jump through hoops to get it back (a browser had it stored, so I set the browser to use a proxy, then had the proxy spit out the form including my password)

[+] LeBleu|17 years ago|reply

I'm curious how you know its not common. I know there are multiple posts on the suggestion board about it, including my own. (Work browser had login credentials cached, but I couldn't figure out what I used to log in at home. I think I finally just used work browser to set a password, cuz I couldn't remember which OpenID I used.)

[+] kingsley_20|17 years ago|reply

Yes, it's happened to me too. Mostly because I thought I'd signed in with clickpass, which I had, but had also created a password. It did come to me finally, or I'd be stuck using HN from the same machine.

[+] presty|17 years ago|reply

on an unrelated issue, is it possible to merge the posts (and karma) of one account into another one?

[+] dreamz|17 years ago|reply

i've also noticed problems such as submissions and comments not going thru, though it has nothing to do with password problem but still...

[+] JeremyChase|17 years ago|reply

I had trouble recovering my password because the username is case sensitive, and I didn't realize it. I thought I was jeremychase and created a 2nd account until I figured out the case issue.

[+] RossM|17 years ago|reply

I had a similar issue - I forgot I'd registered with an OpenID and thus when attempting to login couldn't figure out why it would fail, even when using the correct case.

[+] nod|17 years ago|reply

I'd like a way to easily bind/remember "Which click pass site did I use?" for my account. I don't get logged out often, but when I do I usually try 2 or 3 different sites (eg. Google, Facebook, etc) before finding the one that links to my HN account.

And I'd be fine with "nod" -> "Facebook" (e.g.) mapping being public.

[+] g_lined|17 years ago|reply

I, for one, very much appreciate the fact this site doesn't require an e-mail address.

Many websites should offer e-mail-less logons since it's simply not necessary to have password retrieval or anything but basic authentication.

It makes signing up much easier. Since convenience is generally the price of security, I appreciate it when a website affords me the convenience of using the correct level of security.

[+] GordonRobertson|17 years ago|reply

Another option for generating passwords - http://simplepassword.com/?&domain=news.ycombinator.com

[+] quellhorst|17 years ago|reply

1Password doesn't forget my passwords, even if they are a 50 character hash.

[+] biohacker42|17 years ago|reply

I have no idea what my password is. I when I "signed up" I just typed something random on the keyboard as my password.

If I'm ever logged out I will lose all my shiny karma points. Those ain't worth much, c'est la vie.