Confessions
As a longtime Internet veteran and as someone with a keen interest in privacy protection, I have a unique password for almost every site that requires a login.
After 12 years of spending 50 hours a week online, I probably have hundreds of accounts floating around.
Of them, I know the password to startlingly few.
I do not have a central password file.
When I had a handwritten day planner, I used to jot down half a dozen or so of my most vital and easily forgotten accounts, but I haven't put any of that data on my iPhone, so I only have access to the passwords my memory can hold onto.
My memory, like yours, does not excel at remembering passwords.
I use the "remember me" checkbox on many websites, but when I'm at work, for example, or guesting on an unknown computer, chances are I'm going to get stalled at the firewall.
I am eternally grateful for password-recovery options that email me the curious alphanumeric strings that I initially thought were hooky and clever.
Despite my lack of ability to remember the memorable passwords I devise, I am nonetheless irked when a website sends me a reset password link rather than a reminder or, more preferably, the password itself.
The convenience and security of having information mailed to me pleases me every time it works.
The two words I click on most on the Internet are, "Forgot password?"
Comments
Web-based applications should never, ever send your password back to you in plaintext. This almost always means that they're storing it in plaintext in the database, creating a tremendous security hole. This is exactly what happened to Reddit, and they exposed their entire userbase's passwords because of it.
Posted by: Andy Baio | October 29, 2007 9:08 PM