Help, I Forgot My Password!

I forgot my password

It’s happened to the best of us. You thought you wrote it down. You’re sure it’s on a sticky note somewhere. Maybe you used a capital letter instead of a lower case one.

Whatever happened, you find yourself at the login screen with no idea what your password is. Fear not, there is a way through.

Before I show you what to do, let me just beat the drum again on the value of using a password manager. It’s not just for your security either, it’s more convenient in the long run.

Virtually any login page will have a way to reset your password. It’s bad news if they send you your original password, because it means they are using poor security practices. The site should have no idea what your password is because they’re using one-way encryption. In any case, look for a link that says something like, “Forgot Password?” or “Lost your password?”

Click the link, then enter your username or email address. The site will tell you which one to use. Let’s go through some examples.

Wordpress login

Your Wordpress blog’s login page has the “Lost your password?” link at the bottom left. Click on it, then enter your Username or E-mail and click Get New Password.

Google login

Google’s login page has a less-informative “Need help?” Click on it.

Google login secondary

Select “I don’t know my password”, then enter your email address and click the blue Continue button. If you think you know the password, enter it in the text field, otherwise click I don’t know. They will then confirm your secondary email address and send you information. Your email account is a special case. Since you can’t login, having forgotten the password, you use a secondary email account.

Hostgator login

With a Hostgator account, just click “Forgot Password?” and enter your account’s email address.

Check Your Email

The whole idea is to get an email with a special link. You may have to wait a few minutes before the email arrives. Once it shows up in your email inbox, read the instructions, then click the link or do whatever it says to do.

The link will typically do one of two things.

  • Let you choose another password
  • Create a new password for you

Most web sites will let you choose another password, but some will create a new password for you. Ideally they will then have you change it once you log in, but even if they don’t, change your password anyway.

Once you’re logged in, make a note of your new password (in your new password manager I hope) and you’re all set.

The Importance of Your Inbox

This should also make you realize how valuable your email inbox is to your security. With access to your email account, an attacker could reset the password of all of your logins (including your email) and take over all of your accounts.

This is one of the reasons I highly recommend you protect your email account with two-factor authentication.

Here’s a screencast I made back in 2012 when I first started using Two Factor Authentication. The reason I started using it was reading about Mat Honan’s experience. It made me realize your accounts can still be vulnerable to social engineering, even with a secure password.

And two-factor authentication sounds more complex than it is. It just means you have to type in a 6-digit number in addition to your password. This can be sent to you via text message or using an app on your phone. And the app doesn’t even need WiFi or a data plan to work.

I now use two-factor authentication on several accounts. I’m not about to reveal my passwords, but Christopher Mims did just that and his Twitter account remained safe. But he did have to change his cell phone number after hundreds of people tried to break into his account.

One More Plug

I’m going to give one last reason to use a password manager, then I promise I’ll stop harping on it (at least for now). The past few years have seen several major security breaches on sites like eBay, Facebook, Google, Yahoo, LinkedIn and Twitter.

Millions of passwords were exposed and I have accounts at every single one of those sites. However, as soon as I found out about the breach, I simply opened my password manager, generated a new password with two clicks of the mouse and updated my password on the site.

Though headlines claim the password is dying, they’ll still be used for a good many years ahead. Stay safe.

July 25, 2014
760 words
4 minute read

Categories

Tech Help Newsletter