Ask PG: What if I forget my password?
29 points by csomar on April 30, 2009 | 45 comments
I tried to log in today (just now), but I forgot my password; I even forgot whether I had signed up for a simple account or used Clickpass (I finally logged in by trying the different sign-ups, and the Google one worked for me).

I wonder why HN doesn't implement a simple password recovery application that lets you recover your password using your username and sends the password reset to your email.

Or what if I did forget my pass??

I know it doesn't solve the problem now, but if you worry about forgetting passwords, SuperGenPass is a pretty good solution: http://supergenpass.com/

(I have no involvement with that site except as a user, but it's one of those things that I feel compelled to plug because it has made my life so much easier.)

Thanks paulgb, useful link


This topic has come up many times on Slashdot... I'll share my digest of interesting links

Pronounceable Passwords :: http://www.multicians.org/thvv/gpw.html :: generate a memorable basis point, add unique randomness on top. Very good for teams where the secret 'salt' is shared, but you can remind teammates which password is used verbally

KeePass :: http://keepass.info/ :: Self-encrypting db with GUI tools

Diceware :: http://world.std.com/~reinhold/diceware.html :: offline strong password generator

Or for any losers on OS X, I highly recommend 1Password: http://agilewebsolutions.com/products/1Password

It stores an encrypted DB accessible via a master password, and it works great with something like DropBox if you use multiple machines. It also works w/ multiple logins per site.

Kind of a tough problem since you don't give an email address when you sign up. You just pick a username and password. I can't really think of a reasonably secure way to deliver a new password in that scenario.

It isn't that common. If it becomes more common I'll write something for it.

How do you know whether it's common or not? I've sat there several times trying to remember my password, remember whether I used Clickpass or not, etc. Finally, I just decide it's not worth commenting, and close the browser tab. (Posting under newly created account because I still can't figure out my old account's password.)

We log failed login attempts.

Password retrieval has been a standard feature for any website for many years. It's easy to do for users who have an email in their profile, and it gives the rest a good reason to enter it. When I created my account I added my email because I assumed that the feature existed. Good thing I haven't forgotten my password.

someone doing a few failed logins before successfully logging in won't look all that different than someone doing a few failed logins and then giving up, which is what most humans would do (as opposed to scripts).

people naturally tend to have a small number of cross products of usernames and passwords...once it gets too large we start forgetting parts of it.

a couple times in the past year i've forgotten my password for hn. after the first time it happened i wrote it down so i wouldn't lose my precious karma.

How many accounts are inactive and with the last few logins failed?

I am in exactly the same position - I abandoned an old account since there was no way to do this.

I also reregistered because I forgot the password of my old account

same here. 2nd account.

also reregistered

also registered twice

Why do you think my username is nopassrecover.

pg, can you personally help this fellow out? It's such a rare occurrence, like you said, and it's always good to be able to retrieve your account. I lost at least 2 accounts on Digg over the years (before I stopped using it) and was never able to retrieve them.

I did. In fact that is the default solution: when someone forgets their password they email me and I reset it for them (if they put their email addr in their profile).

About 3 weeks ago, I got so irritated with trying to log in from time to time that I sat down for about an hour and tested every fat-finger combination of the password I used that I could think of. It took me about 40 tries, but I finally found that I'd hit a letter twice (somehow in both fields!). I really wanted to keep everything under my account, so I wasn't going to just make a new account, but it frustrated me to no end that I couldn't just reset my password and move on. Since finding my password, I've changed it to something else, but also added an openid account, so on the rare chance this happens again, hopefully I won't be left out in the cold.

or just write it down...i mean, if someone gets access to your harddrive, stealing your hn account is probably the least of your worries.

It's happened to me. I had to jump through hoops to get it back (a browser had it stored, so I set the browser to use a proxy, then had the proxy spit out the form including my password)

I'm curious how you know it's not common. I know there are multiple posts on the suggestion board about it, including my own. (Work browser had login credentials cached, but I couldn't figure out what I used to log in at home. I think I finally just used work browser to set a password, cuz I couldn't remember which OpenID I used.)

Yes, it's happened to me too. Mostly because I thought I'd signed in with clickpass, which I had, but had also created a password. It did come to me finally, or I'd be stuck using HN from the same machine.

on an unrelated issue, is it possible to merge the posts (and karma) of one account into another one?

i've also noticed problems such as submissions and comments not going thru, though it has nothing to do with password problem but still...

I had trouble recovering my password because the username is case sensitive, and I didn't realize it. I thought I was jeremychase and created a 2nd account until I figured out the case issue.

I had a similar issue - I forgot I'd registered with an OpenID and thus when attempting to login couldn't figure out why it would fail, even when using the correct case.

I'd like a way to easily bind/remember "Which click pass site did I use?" for my account. I don't get logged out often, but when I do I usually try 2 or 3 different sites (eg. Google, Facebook, etc) before finding the one that links to my HN account.

And I'd be fine with "nod" -> "Facebook" (e.g.) mapping being public.

I, for one, very much appreciate the fact this site doesn't require an e-mail address.

Many websites should offer e-mail-less logons since it's simply not necessary to have password retrieval or anything but basic authentication.

It makes signing up much easier. Since convenience is generally the price of security, I appreciate it when a website affords me the convenience of using the correct level of security.

Another option for generating passwords - http://simplepassword.com/?&domain=news.ycombinator.com

1Password doesn't forget my passwords, even if they are a 50 character hash.

I have no idea what my password is. When I "signed up" I just typed something random on the keyboard as my password.

If I'm ever logged out I will lose all my shiny karma points. Those ain't worth much, c'est la vie.

Good I didn't know about it, it can help a lot of people that are logged in :D

Thanks, but jeez people it's just internet karma, it ain't that important.

Just make a new account.

But then you lose your karma.

Gives you an opportunity to practice another buddhist/zen concept: letting go

It's no good if you're of a competitive nature though, which I believe to be an essential trait if you want to do startups.

You don't see many buddhist monks creating successful businesses.

Some might consider that a good thing. I respect the karma of someone who has gained a lot of karma in 2009 a lot more than people from previous years, when HN was smaller and points were easier to get.

Points seem easier to get now than back then. There are more upvoters.

I think it's easier to lose karma now because there are more people who disagree by downvoting a la reddit (see my comment above for a prime example).

But it really feels like people are more stingy with upvotes, especially at the story level. Gone are the days of nickb getting ~1k upvotes from a single submitted story over and over, now it's a much more reserved upvote culture where you have to submit a lot more material and interact more to get those big numbers.

I disagree. I think it's much easier to earn karma now that the HN community is much larger and more diverse than when it was smaller. It's simple math; even if only 0.1% of HN members will upvote your post, you'll get votes much more quickly with 15,000 users (15 votes) versus 2000 users (2 votes).

