
Ask PG: What if I forget my password? - csomar
I tried to log today (just by now), but I forgot my password, I even forgot if I had signed a simple account or using the click pass (i finally logged by trying the different signs up and the Google one worked for me).<p>I wander why HN don't implement a simple Passowrd recovery application, that let you recover your password using your username and send you the password reset to email.<p>Or what if I did forget my pass??
======
paulgb
I know it doesn't solve the problem now, but if you worry about forgetting
passwords, SuperGenPass is a pretty good solution: <http://supergenpass.com/>

(I have not involvement with that site except as a user, but it's one of those
things that I feel compelled to plug because it has made my life so much
easier.)

~~~
tezza
Thanks paulgb, useful link

\--

This topic has come up many times on Slashdot... I'll share my digest of
interesting link

Pronouncable Passwords :: <http://www.multicians.org/thvv/gpw.html> ::
generate a memorable basis point, add unique randomness on top. Very good for
teams where the secret 'salt' is shared, but you can remind teammates which
password is used verbally

Keepass :: <http://keepass.info/> :: Self encrypting db with GUI tools

Diceware :: <http://world.std.com/~reinhold/diceware.html> :: offline strong
password generator

------
mattmaroon
Kind of a tough problem since you don't give an email address when you sign
up. You just pick a username and password. I can't really think of a
reasonably secure way to deliver a new password in that scenario.

------
pg
It isn't that common. If it becomes more common I'll write something for it.

~~~
zellynhunter
How do you know whether it's common or not? I've sat there several times
trying to remember my password, remember whether I used Clickpass or not, etc.
Finally, I just decide it's not worth commenting, and close the browser tab.
(Posting under newly created account because I _still_ can't figure out my old
account's password.)

~~~
pg
We log failed login attempts.

~~~
diego
Password retrieval has been a standard feature for any website for many years.
It's easy to do for users who have an email in their profile, and it gives the
rest a good reason to enter it. When I created my account I added my email
because I assumed that the feature existed. Good thing I haven't forgotten my
password.

------
JeremyChase
I had trouble recovering my password because the username is case sensitive,
and I didn't realize it. I thought I was jeremychase and created a 2nd account
until I figured out the case issue.

~~~
RossM
I had a similar issue - I forgot I'd registered with an OpenID and thus when
attempting to login couldn't figure out why it would fail, even when using the
correct case.

------
nod
I'd like a way to easily bind/remember "Which click pass site did I use?" for
my account. I don't get logged out often, but when I do I usually try 2 or 3
different sites (eg. Google, Facebook, etc) before finding the one that links
to my HN account.

And I'd be fine with "nod" -> "Facebook" (e.g.) mapping being public.

------
g_lined
I, for one, very much appreciate the fact this site doesn't require an e-mail
address.

Many websites should offer e-mail-less logons since it's simply not necessary
to have password retrieval or anything but basic authentication.

It makes signing up much easier. Since convenience is generally the price of
security, I appreciate it when a website affords me the convenience of using
the correct level of security.

------
GordonRobertson
Another option for generating passwords -
[http://simplepassword.com/?&domain=news.ycombinator.com](http://simplepassword.com/?&domain=news.ycombinator.com)

------
quellhorst
1Password doesn't forget my passwords, even if they are a 50 character hash.

------
biohacker42
I have no idea what my password is. I when I "signed up" I just typed
something random on the keyboard as my password.

If I'm ever logged out I will lose all my shiny karma points. Those ain't
worth much, c'est la vie.

~~~
icey
<http://news.ycombinator.com/resetpw>

~~~
csomar
Good I didn't know about it, it can help a lot of people that are logged in :D

------
vinc456
Just make a new account.

~~~
mattmaroon
But then you lose your karma.

~~~
KirinDave
Some might consider that a good thing. I respect the karma of who has gained a
lot of Karma in 2009 a lot more than people from previous, when HN was smaller
and points were easier to get.

~~~
shrughes
Points seem easier to get now than back then. There are more upvoters.

~~~
KirinDave
I think it's easier to _lose_ karma now becuase there are more people who
disagree by downvoting a la reddit (see my comment above for a prime example).

But it really feels like people are more stingy with upvotes, especially at
the story level. Gone are the days of nickb getting ~1k upvotes from a single
submitted story over and over, now it's a much more reserved upvote culture
where you have to submit a lot more material and interact more to get those
big numbers.

