I Just Forgot my Email Password that I Created/Changed Today

  • Thread starter kyphysics
  • Start date
  • #1
217
151
I suck. I NEVER write down my email passwords for fear of them getting stolen.

I created a new password for one of my email accounts today. Already, I've forgotten it. I know very generally what it's "like," but cannot nail down the letters. Worse is that I didn't enter a recovery method (e.g., phone number) for this account.

Has this happened to you before? It's happened to me at least 5 times in the past 10 years.
 

Answers and Replies

  • #2
FactChecker
Science Advisor
Gold Member
5,971
2,291
Five times in 10 years! If I were you, I would rethink your policy and at least have a recovery method.
 
  • Like
Likes davenn, russ_watters, Evo and 1 other person
  • #3
Wrichik Basu
Insights Author
Gold Member
2020 Award
1,624
1,511
Has this happened to you before?
Yes, but not at the rate you mentioned. Basically all of my email passwords are saved in Chrome. I can't remember them, simply because they are a combination of random letters, numbers and special characters, and quite long. I don't care if they are stolen because I have two-step verification enabled in all of my accounts.
 
  • Like
Likes Evo, kyphysics and FactChecker
  • #4
1,875
1,132
I suck. I NEVER write down my email passwords for fear of them getting stolen.

I created a new password for one of my email accounts today. Already, I've forgotten it. I know very generally what it's "like," but cannot nail down the letters. Worse is that I didn't enter a recovery method (e.g., phone number) for this account.

Has this happened to you before? It's happened to me at least 5 times in the past 10 years.
Do you want to recover the email account? If you do, please ask us about that, instead of just asking whether it's happened to us before. What did you do when this happened before? Have you contacted a live human being who works in a technical or clerical capacity for the email provider ?
 
  • Like
Likes Evo and Wrichik Basu
  • #5
anorlunda
Staff Emeritus
Insights Author
9,012
5,924
It is highly personal. Some people have no trouble remembering, others do.

I'm the admin for several web sites. I get notifications whenever someone asks for a password reset. I see that some people forget their passwords 100% of the time, but most people don't forget. That doesn't mean that they use good passwords. I just read yesterday that researchers found 475 million people using 123456.

If memory is your problem, I recommend a password manager program. They offer many benefits.

By the way, IMO the best protection is to change all your passwords on all sites every 30 days. That way, even if your password is stolen or hacked, the risk expires within 30 days. But that makes it even harder to remember, so a password manager is more necessary.
 
  • Like
Likes Evo
  • #6
34,510
6,195
I NEVER write down my email passwords for fear of them getting stolen.
I have about 50 different accounts that require passwords, way too many to rely on memory alone. Several of them require me to make new passwords periodically. To help me keep them straight, I have them all listed on an Excel spreadsheet, which I save to a couple zip drives, and also print out.
When I add new accounts, I update the spreadsheet and print out a new paper copy.

If you've forgotten 5 passwords in the past 10 years, and have forgotten one you created yesterday, I'd say it's time to consider doing something different.
 
  • Like
Likes russ_watters, Evo, Wrichik Basu and 2 others
  • #7
217
151
Yes, but not at the rate you mentioned. Basically all of my email passwords are saved in Chrome. I can't remember them, simply because they are a combination of random letters, numbers and special characters, and quite long. I don't care if they are stolen because I have two-step verification enabled in all of my accounts.
I don't think my rate is that high, given so many accounts. I'm including:

Facebook
Gmail (I have ...seven accounts, I think)
10 different forums (some academic, some hobby, some religious, etc.)
Hotmail
Yahoo Mail
alumni mail
work email
Amazon
Target
Walmart . . . .

The list goes on....I probably have 50 active accounts - many being unimportant and where I also don't care as much if stuff gets stolen in them. There was only ONE that hurt me a great deal. It was an old college email account. I saved lots of interesting emails in there that I'd like access to, but I'll never see again now.

But, yeah, 5 accounts ...out of 100's? ...over 10 years isn't as bad as it might first sound. What WAS extremely bad was forgetting it literally 12 hours later.

On a positive note: I worked through maybe 75 or so variations and FINALLY figured out my password!
 
  • Like
Likes Wrichik Basu
  • #8
Vanadium 50
Staff Emeritus
Science Advisor
Education Advisor
26,102
9,469
I have them all listed on an Excel spreadsheet
Password protected, I hope.

Strong passwords in an encrypted file with an innocuous name is probably good enough to stop random criminals, even if they steal your PC.
 
  • Like
Likes Evo
  • #9
Evo
Mentor
23,172
2,913
I don't think my rate is that high, given so many accounts. I'm including:

Facebook
Gmail (I have ...seven accounts, I think)
10 different forums (some academic, some hobby, some religious, etc.)
Hotmail
Yahoo Mail
alumni mail
work email
Amazon
Target
Walmart . . . .

The list goes on....I probably have 50 active accounts - many being unimportant and where I also don't care as much if stuff gets stolen in them. There was only ONE that hurt me a great deal. It was an old college email account. I saved lots of interesting emails in there that I'd like access to, but I'll never see again now.

But, yeah, 5 accounts ...out of 100's? ...over 10 years isn't as bad as it might first sound. What WAS extremely bad was forgetting it literally 12 hours later.

On a positive note: I worked through maybe 75 or so variations and FINALLY figured out my password!
You didn't have the possibility to go to your account section and request a new password/reset password?
 
  • Informative
Likes epenguin
  • #10
1,875
1,132
kphysics said:
There was only ONE that hurt me a great deal. It was an old college email account. I saved lots of interesting emails in there that I'd like access to, but I'll never see again now.
Assuming that you remember the email address, you could try sending a test email to it, and see whether it gets flagged as undeliverable. If it doesn't, then you should be able to go through the 'forgot password' protocol to recover the account. Otherwise, whether the old emails can be recovered will depend on the relevant archival and retention policies and practices. You could contact a technical support person at the college to find out about that.
 
  • #11
epenguin
Homework Helper
Gold Member
3,817
845
Glad this came up as I had been wondering where best to ask about this: is it only me or only my mostly UK web frequentation or has there been a general and accelerating security tightening up in the last month or two?

Which is obviously a Good Thing, except for some slight disadvantages like not being able to get into or operate your own bank accounts.

Other at least irritating things noticed have been:

I am every few days asked for the password to my e-Mail account. I have had this account for 15+ years and was never asked for it before two or three weeks ago, but now am asked frequently;

I am almost every day asked whether I am human. However this may beep I am sure it has not changed recently but I have to do a captcha and recognise a bus or traffic lights etc. in a small fuzzy picture. More recently it asks but then just takes my word for it without these visual tests. It says it has noticed unusual traffic. I don't know what this could be, but then a click leads to the explanation of someone or something extraneous something something my IP address. I find that weird, shouldn't I? because I am using mostly a VPN so my visible IP address is usually recently changed is that right?

OTPs are coming in quite a lot. OK security, but they slow you down. And mean you are dependent on TWO devices working, not one. There is one execrable new bank one that depends on voice recognition and doesn't recognise my voice!

Positive are a number of accounts that now work with fingerprint recognition freeing me from the nightmare of passwords. But in the back of my mind is, this works as long as it works... but the day it doesn't...:oldeek:
 
  • Wow
Likes Evo
  • #12
217
151
Assuming that you remember the email address, you could try sending a test email to it, and see whether it gets flagged as undeliverable. If it doesn't, then you should be able to go through the 'forgot password' protocol to recover the account. Otherwise, whether the old emails can be recovered will depend on the relevant archival and retention policies and practices. You could contact a technical support person at the college to find out about that.
It was a Hotmail account I used for college purposes. I've tried their recovery process, but cannot get through. Like many email recovery processes, you had to enter in a bunch of stuff accurately:

-folders
-recent emails (addresses sent from/to and/or subject title lines
-dates (when the account was created)
-contacts

I was able to recall some, but not all of the info. That's often been the case with other locked out email accounts too. I just have too many. I don't always remember all the little details of each one. But, to recover, you have to get all the questions right.
 
  • #13
217
151
You didn't have the possibility to go to your account section and request a new password/reset password?
You can, but you have to verify your account first. I cannot get through the security/recover questions.

In writing this thread/post, I realize I just need to use recovery methods. E.g., phone number.

I was trying to be superman and remember everything over the years, but also didn't want to write down my stuff or use recovery methods. I had paranoid reasons for that (some good, some unreasonable), but realize now that it's not worth it.
 
  • #14
1,875
1,132
It was a Hotmail account I used for college purposes. I've tried their recovery process, but cannot get through. Like many email recovery processes, you had to enter in a bunch of stuff accurately:

-folders
-recent emails (addresses sent from/to and/or subject title lines
-dates (when the account was created)
-contacts

I was able to recall some, but not all of the info. That's often been the case with other locked out email accounts too. I just have too many. I don't always remember all the little details of each one. But, to recover, you have to get all the questions right.
The fact that the questions are posed to you is a strong indication that your account is still there, wherefore it's probable that some or all of your old emails are still there##-## when you have enough time, you might try contacting MS Hotmail technical support ##-## I think that if you can prove to them that you're really you, then you'll have pretty good prospects of getting your account and its emails back.
 
  • #15
Wrichik Basu
Insights Author
Gold Member
2020 Award
1,624
1,511
because I am using mostly a VPN so my visible IP address is usually recently changed is that right?
That could exactly be the reason why you are seeing those captchas asking you to verify that you are a human being. When you are using a VPN, it hides your IP address and gives you the IP of one of the many servers hosted by the VPN company. And you are not being given a unique address — many other users are being given the same IP. That is why the websites are seeing unusually high traffic from that particular IP address and suspecting that a bot is using it.

Opera browser has a similar VPN, and it also allows you to set your location to different parts of the world. When I used that some months back and set my location to the Asia, Google said that there is unusual traffic from that IP and asked me to verify whether I am a human. You are facing pretty much the same.

Positive are a number of accounts that now work with fingerprint recognition freeing me from the nightmare of passwords. But in the back of my mind is, this works as long as it works... but the day it doesn't...:oldeek:
My laptop has a fingerprint sensor, but truth be told, I have never been able to use it properly. I set up a fingerprint for Windows, and the next time I wanted to log in, it was not recognizing the fingerprint. Maybe I was putting my finger at a different angle. Anyway, I am okay with a password and removed the fingerprint.
 
  • Like
  • Informative
Likes Evo, epenguin and sysprog
  • #16
epenguin
Homework Helper
Gold Member
3,817
845
That could exactly be the reason why you are seeing those captchas asking you to verify that you are a human being. When you are using a VPN, it hides your IP address and gives you the IP of one of the many servers hosted by the VPN company. And you are not being given a unique address — many other users are being given the same IP. That is why the websites are seeing unusually high traffic from that particular IP address and suspecting that a bot is using it.

Opera browser has a similar VPN, and it also allows you to set your location to different parts of the world. When I used that some months back and set my location to the Asia, Google said that there is unusual traffic from that IP and asked me to verify whether I am a human. You are facing pretty much the same.


My laptop has a fingerprint sensor, but truth be told, I have never been able to use it properly. I set up a fingerprint for Windows, and the next time I wanted to log in, it was not recognizing the fingerprint. Maybe I was putting my finger at a different angle. Anyway, I am okay with a password and removed the fingerprint.
That explains it, thank you, and is reassuring. It seems to me this has been a lot increasing. May have to do with at first I was choosing which server to connect to and more lately letting it happen automatically, I will experiment a bit.

I am almost chuffed something works for me and not for everyone as usually it is the other way round. Are you sure you are using the same finger you set it up with? I remember mine was done in the shop where I bought my I pad and I think it involved putting the finger in various positions. If this is Apple there is something about that here https://support.apple.com/en-gb/HT201371
Also if you can take it into an Apple shop they might help you do it. I am finding it invaluabl, e,g, there are a couple of accounts where for various reasons it is better I check often, which I would do less often if it were a tedious password procedur.
 
  • #17
fluidistic
Gold Member
3,741
124
By the way, IMO the best protection is to change all your passwords on all sites every 30 days. That way, even if your password is stolen or hacked, the risk expires within 30 days. But that makes it even harder to remember, so a password manager is more necessary.
Just so everyone knows, this is not a recommended practice anymore: https://security.stackexchange.com/questions/186780/how-often-should-i-change-my-passwords.
Personally I would use gigantic/almost impossible passwords to crack generated and stored by an open source password manager. My time is more precious doing other things than changing such passwords, as they'd never get cracked by any known algorithm on any existing hardware.
 
  • #18
1,875
1,132
[I've never been an Apple guy; however, I gratefully acknowledge that the Apple Store people were very gracious and courteous to me when I wanted to resolve a technical problem, and they allowed me to make gentle use of their equipment, even though I told them in advance that the technical problem had nothing to do with any Apple equipment.]
fluidistic said:
they'd never get cracked by any known algorithm on any existing hardware.
I think that modern encryption is not likely to be breakable, by other than giant organizations, but please don't be too sure that the NSA can't decrypt whatever they want to.
 
  • Like
Likes Evo
  • #19
Frodo
Gold Member
154
66
Just do a web search for password manager - you will find lots for PCs and mobile phones including those which synch between devices.

I have hundreds of passwords all of the form "*J&r8rH%35Cti\5YwNxA" stored in a password manager and I don't have to remember any of them. When I go to a web site I activate the password manager, give it my master password and it types in the username and password for me.

I don't use the password manager in a browser. My password manager issues virtual keystrokes so no web site knows that I use a password manager - it thinks I type in my password.
 
Last edited:
  • #20
Vanadium 50
Staff Emeritus
Science Advisor
Education Advisor
26,102
9,469
I think that modern encryption is not likely to be breakable, by other than giant organizations, but please don't be too sure that the NSA can't decrypt whatever they want to.
I have my Quicken data encrypted. Is it to keep the NSA out? Nope. If the US government wants to know my financial transactions, they can subpoena my bank. I'm more worried that my laptop will get stolen, the criminals get my financial information, and then go on an identity-theft-fueled spree. It is more effective for me to take steps to reduce the likelihood that the laptop will be stolen than to strengthen the encryption.
 
  • Like
Likes sysprog
  • #21
Wrichik Basu
Insights Author
Gold Member
2020 Award
1,624
1,511
Are you sure you are using the same finger you set it up with?
Yes, I am pretty sure. The problem is that once Windows denies the fingerprint during sign in, it seems it will continue to do so every time from then on unless I manually deleted the biometric file, and added my fingerprint again. It would go smoothly again for a few days, and then again start denying the fingerprint. Maybe a Windows issue, but I found it irritating to re-enroll the fingerprint every week. Besides, my laptop stays at home most of the time (actually about 100% of the time), so I don't have a problem if I keep it unlocked.
 
  • #22
Frodo
Gold Member
154
66
I'm more worried that my laptop will get stolen, the criminals get my financial information, and then go on an identity-theft-fueled spree. It is more effective for me to take steps to reduce the likelihood that the laptop will be stolen than to strengthen the encryption.
My phone and my tablet were stolen while I was on holiday abroad and my password managers were on both.

I did a quick estimate that it would take thousand and thousands of years for a hacker to work out my master password as I have configured the password manager to perform many millions of hashes of the master password so only one attempt can be made per second.

I relaxed and waited till I got home before changing my passwords.
 
  • #23
1,875
1,132
My phone and my tablet were stolen while I was on holiday abroad and my password managers were on both.

I did a quick estimate that it would take thousand and thousands of years for a hacker to work out my master password as I have configured the password manager to perform many millions of hashes of the master password so only one attempt can be made per second.

I relaxed and waited till I got home before changing my passwords.
I'm sorry that your machines were stolen, and I think that it's extremely unlikely that any illicit recipient could pose a serious risk of getting past a robust password protection system; however, an adversary wouldn't necessarily have to mimic your many millions of hashings to get your password.
 
  • #24
Frodo
Gold Member
154
66
an adversary wouldn't necessarily have to mimic your many millions of hashings to get your password.
Oh yes he would!

When I enter the master password into my password manager the password manager hashes the password I type millions and millions of times, taking about one second on a PC. The password manager then uses the final hash to do the decryption and open the password manager.

So, any hacker has to wait one second after each guess to see if the guess is correct. That means only 86,000 attempts per CPU per 24 hours. My master password has well over 10^20 combinations so they are not going to get far.
 
  • #25
Vanadium 50
Staff Emeritus
Science Advisor
Education Advisor
26,102
9,469
I think sysprog's point is that other exploits might work better than brute force. Tricking you into installing a keylogger, for example. Or tricking you into installing a program that scans memory looking for an unencrypted password. Or kidnapping your family and making you give them the master password.

If brute force attacks have a probability of 10-15 of succeeding, bad actors are going to try things that are more likely than 10-15.
 

Related Threads on I Just Forgot my Email Password that I Created/Changed Today

Replies
7
Views
1K
Replies
8
Views
2K
  • Last Post
Replies
3
Views
2K
  • Last Post
2
Replies
34
Views
4K
  • Last Post
Replies
20
Views
3K
Replies
6
Views
4K
Replies
7
Views
4K
Replies
8
Views
6K
Replies
21
Views
4K
  • Last Post
2
Replies
47
Views
22K
Top