9 votes
Forgot password
So I’ve forgotten my password. I’m still logged in, thankfully, but if I get logged out I’m screwed. Any advice?
I find it odd that setting that doesn't require reentering the password. It's fortunate in this case, but also seems like a security problem if someone leaves their account logged in where someone else can access it. The current password is needed to directly change the password, but that safeguard is negated by the email recovery workaround.
@Deimos, should I add an issue for this (adding a password confirmation to account recovery setting modifications), or is the current system intentional so that people can set up account recovery if they are still logged in, even if they have forgotten their password?
Yeah, I think it should probably have a password check. I do already have some logging around adding/changing the email so I'd probably be able to notice and revert it if someone tried to use this as a method of taking over an account, but it would be best to make them enter the password as well. An issue would be good, thanks. And thanks for bringing it up, @Eylrid.
Done: https://gitlab.com/tildes/tildes/issues/645
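The safeguard discussed above (re-enter the current password before the recovery email can be changed, and log every attempt so a bad change can be noticed and reverted), as an added example that is not part of the thread and not Tildes' code. The `Account` class, its field names, the function names and the PBKDF2 parameters are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time


def _derive(password: str, salt: bytes) -> bytes:
    # PBKDF2 stands in for whatever password hash a real site uses (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class Account:
    """Hypothetical account record; field names are illustrative."""

    def __init__(self, username: str, password: str):
        self.username = username
        self.salt = os.urandom(16)
        self.password_hash = _derive(password, self.salt)
        self.recovery_email = None
        self.audit_log = []  # one entry per attempted recovery-email change

    def check_password(self, candidate: str) -> bool:
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(_derive(candidate, self.salt), self.password_hash)


def set_recovery_email(account: Account, new_email: str, current_password: str) -> bool:
    """Change the recovery address only after re-checking the current password."""
    ok = account.check_password(current_password)
    # Denied attempts are logged too: a logged-in session whose user cannot
    # supply the password is the situation the thread is concerned about.
    account.audit_log.append({
        "time": time.time(), "event": "recovery_email_change",
        "allowed": ok, "old": account.recovery_email,
        "new": new_email if ok else None,
    })
    if ok:
        account.recovery_email = new_email
    return ok


def revert_last_change(account: Account) -> bool:
    """Restore the address recorded before the most recent allowed change."""
    for entry in reversed(account.audit_log):
        if entry["allowed"] and not entry.get("reverted"):
            account.recovery_email = entry["old"]
            entry["reverted"] = True
            return True
    return False
```
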
In some browsers, you can access saved passwords in the browser's settings.
Also, stop remembering your passwords and use a password manager -- https://bitwarden.com
Alternatively: keepass
yeah, keepass is decent.
I cycled through them all once LastPass was acquired. I settled on OnePassword for a time, but without Linux support (at the time), it was a deal breaker. The reason I settled on Bitwarden over Keepass(xc) is that it just works and I don't have to sync anything via dropbox or whatever.
If I were only using one system, I'd be happy with Keepass, but hopping between a tablet, phone, and three other systems, my setup just wasn't working as well as I hoped it would.
I sync my keepass database over syncthing. It works well. Then again I only use my computer and phone. So there is little chance for sync conflicts.
nice! I think it's just my goofy setup where I'm constantly hopping between machines that was the issue.
We're so blessed to have so many good options for this sort of software.
Alternatively pass, or gopass
with the extra benefit that nobody has access to your data. See reply below, I'm apparently confused.
Nobody has access to your data on keepass either?
Right you are. I got confused between keepass and LastPass, sorry. :)
Thank you for correcting me.
Nobody really has "access to your data" on LastPass either. Encryption/decryption is done entirely client side, and only the salted hash of your master password and already encrypted vault data is stored by them.