9 votes

Forgot password

So I’ve forgot my password I’m still logged in thankfully but if I get logged out I’m screwed any advise?

14 comments

  1. [5]
    Comment deleted by author
    Link
    1. [4]
      Eylrid
      Link Parent
      I find it odd that setting that doesn't require reentering the password. It's fortunate in this case, but also seems like a security problem if someone leaves their account logged in where someone...

      I find it odd that setting that doesn't require reentering the password. It's fortunate in this case, but also seems like a security problem if someone leaves their account logged in where someone else can access it. The current password is needed to directly change the password, but that safeguard is negated by the email recovery workaround.

      6 votes
      1. [3]
        cfabbro
        Link Parent
        @Deimos, should I add an issue for this (adding a password confirmation to account recovery setting modifications), or is the current system intentional so that people can setup account recovery...

        @Deimos, should I add an issue for this (adding a password confirmation to account recovery setting modifications), or is the current system intentional so that people can setup account recovery if they are still logged in, even if they have forgotten their password?

        4 votes
        1. [2]
          Deimos
          (edited )
          Link Parent
          Yeah, I think it should probably have a password check. I do already have some logging around adding/changing the email so I'd probably be able to notice and revert it if someone tried to use this...

          Yeah, I think it should probably have a password check. I do already have some logging around adding/changing the email so I'd probably be able to notice and revert it if someone tried to use this as a method of taking over an account, but it would be best to make them enter the password as well. An issue would be good, thanks. And thanks for bringing it up, @Eylrid.

          6 votes
  2. Algernon_Asimov
    Link
    In some browsers, you can access saved passwords in the browser's settings.

    In some browsers, you can access saved passwords in the browser's settings.

    5 votes
  3. [9]
    tomf
    Link
    Also, stop remembering your passwords and use a password manager -- https://bitwarden.com

    Also, stop remembering your passwords and use a password manager -- https://bitwarden.com

    14 votes
    1. [8]
      unknown user
      Link Parent
      Alternatively: keepass

      Alternatively: keepass

      9 votes
      1. [3]
        tomf
        Link Parent
        yeah, keepass is decent. I cycled through them all once LastPass was acquired. I settled on OnePassword for a time, but without Linux support (at the time), it was a deal breaker. The reason I...

        yeah, keepass is decent.

        I cycled through them all once LastPass was acquired. I settled on OnePassword for a time, but without Linux support (at the time), it was a deal breaker. The reason I settled on Bitwarden over Keepass(xc) is that it just works and I don't have to sync anything via dropbox or whatever.

        If I were only using one system, I'd be happy with Keepass, but hopping between a tablet, phone, and three other systems, it just my set up wasn't working as well as I hoped it would.

        5 votes
        1. [2]
          unknown user
          Link Parent
          I sync my keepass database over syncthing. It works well. Then again I only use my computer and phone. So there is little chance for sync conflicts.

          I sync my keepass database over syncthing. It works well. Then again I only use my computer and phone. So there is little chance for sync conflicts.

          2 votes
          1. tomf
            Link Parent
            nice! I think it's just my goofy setup where I'm constantly hopping between machines that was the issue. We're so blessed to have so many good options for this sort of software.

            nice! I think it's just my goofy setup where I'm constantly hopping between machines that was the issue.

            We're so blessed to have so many good options for this sort of software.

            2 votes
      2. [4]
        0lpbm
        (edited )
        Link Parent
        Alternatively pass, or gopass See reply below, I'm apparently confused.

        Alternatively pass, or gopass with the extra benefit that nobody has access to your data.
        See reply below, I'm apparently confused.

        2 votes
        1. [3]
          unknown user
          Link Parent
          Nobody has access to your data on keepass either?

          Nobody has access to your data on keepass either?

          2 votes
          1. [2]
            0lpbm
            Link Parent
            Right you are. I got confused between keepass and LastPass, sorry. :) Thank you for correcting me.

            Right you are. I got confused between keepass and LastPass, sorry. :)

            Thank you for correcting me.

            2 votes
            1. cfabbro
              Link Parent
              Nobody really has "access to your data" on Lastpass either. Encryption/decryption is done entirely client side, and only the salted hash of your master password and already encrypted vault data is...

              Nobody really has "access to your data" on Lastpass either. Encryption/decryption is done entirely client side, and only the salted hash of your master password and already encrypted vault data is stored by them.

              1 vote