Why Relying on ‘Forgot Your Password’ Isn’t the Best Idea

Many users use the "forgot your password" option as a quick way to gain access to their accounts, but is this the best approach in this day and age?

By Marco Rizal - Editor, Journalist

Password management can be a hassle. With the number of online services and platforms increasing, it’s no surprise that people frequently forget their login information.

According to CNN, we each have an average of 100 online accounts on different websites. Depending on each individual, there could be more.

While password managers provide a secure and convenient solution, not everyone uses them.

Some users prefer a less traditional approach—constantly resetting their passwords with the “forgot password” option.

Although this may appear to be the fastest way to log in, it introduces a number of security risks.

The Odd Case of “I Forgot My Password”

Many websites include a "forgot your password" link as an emergency measure for those who lose their passwords.

However, some people use this feature so frequently that it has become their go-to method for logging in.

Instead of saving or remembering passwords, they reset them whenever they need access.

Ruben Schade, a tech enthusiast, notes that for some, this method functions as a makeshift password generator.

Users request a password reset, generate a new password they won’t remember, and repeat the process indefinitely.

Password managers are seen as untrustworthy by some users. For example, one user reported that their browser’s password autofill occasionally fails, forcing them to reset their password frequently.

Others simply find the process so quick and easy that it outweighs the inconvenience of managing passwords.

In fact, some people see this method as advantageous: by constantly resetting their passwords, they feel secure because their passwords are regularly updated. However, this is a false sense of security.

While resetting your password every time may seem like a simple shortcut, it is not without flaws.

Constantly using "forgot password" creates security risks. For example, hackers could intercept password reset emails and gain access to your account.

Not to mention, if this method is used across multiple accounts, an attacker could use the same vulnerability to gain access to a variety of services.

Another issue is that you aren’t writing the passwords down. You will eventually forget them when you change devices or are prompted to log in again, which will most likely result in another password change.

Finally, what if you change SIM cards or lose the one tied to the number that receives your SMS verification codes?

This will result in an immediate loss of access to all accounts for which you do not know the password.

What’s The Solution?

How about using the same, easy-to-remember password for all accounts? That could work, right?

Wrong. A study shows that two-thirds of Americans use the same password for multiple accounts.

This is very dangerous: once hackers have breached one account, every other one will fall like a domino.

Writing your different passwords on a notepad and hiding them can work, but password managers are a better solution that solves the problem of remembering passwords while also improving security.

They generate complex, unique passwords for each site and securely store them, reducing the possibility of reusing the same password across multiple accounts.

Many also include two-factor authentication (2FA), which provides an additional layer of security. This is especially important for sensitive accounts like banking and email.

While some users find the “forgot password” option useful, it is neither sustainable nor secure in the long run.

Password managers are a safer, more efficient way to manage your credentials, protecting you from the security risks associated with frequent password resets.

Now what if you lost access to your password manager? Now that’s a different story.
