I hate this.
You go to some site that you rarely visit, say once a year. You can't seem to log in. You've seemly forgotten your password, although it's more likely you can't remember which username they forced you to use.
So you click on 'Forgotten your password'.
Look it says, "If you can't remember your details, use the 'Remind Me' form and we will send you an email reminder." A REMINDER. Good.
But no, instead you get a password reset. A new password. "Forgotten your username or password? Don't worry! Enter your details and we'll send you a temporary password."
I don't want a(nother) new password. I want to be REMINDED what the old one was.
Wankers.
It's a bad sign if a website is able to remind you of your password. My understanding is that it's more secure for passwords to be stored as "hashes", in case a criminal gets hold of the database account details. It's easy to convert plain text into a hash for comparing two hashes (checking the entered password is correct), but it's not feasible to convert back from the hash to plain text to remind you. But probably better for some websites to prioritize convenience.
Posted by: Hairyegg | Nov 26, 2011 at 09:52
What Hairyegg said. No-one (should) store a plain text password, or anything other than a one-way hash of it. So there's no way to remind you, without you setting a password reminder. Which are awful too, because most people's are really insecure to anyone who wants to get in: mother's maiden name, and so on.
There are no good example of design for authentication, because the whole process is horrible. But at least it's horrible everywhere, and everyone has just got used to it. Every time a designer tries something clever it's just confusing and annoying.
Posted by: Tomtaylor | Nov 26, 2011 at 14:37
The only sane response to this is to let my browser remember passwords for me. Safari does a great job of this, so you can imagine how frustrated I get when developers confound the browser’s own password recognition through creativity like ajax forms or unexpected names for fields.
Also: landline number? Date of birth? Do people even *have* DOB’s anymore? Sheesh.
Posted by: Michalmigurski | Nov 26, 2011 at 18:55
They could change the name of the header from REMIND ME to something else. That would help my anger.
Posted by: Benterrett | Nov 27, 2011 at 19:32
Hi my name is yogesh kumar. I like this blog website. I say thanks to that person who made this
http://www.yogesh-kumar.com/
Posted by: Yogesh Kumar | Nov 28, 2011 at 11:21
Hello Yogesh and welcome to by website. I made it all by myself. Good morning.
Posted by: Benterrett | Nov 28, 2011 at 11:36
what gets me is "incorrect username or password".
"OR" ? That's less than helpful.
Posted by: Gthornton101 | Nov 28, 2011 at 14:08
Yes, what Hairyegg said. That was exactly what Playstation got in trouble for - they were storing all of their passwords and credit card numbers in plain text and, well, the data got out.
It's also a personal security risk for you to have your password emailed to you - if anyone gets access to your email then unless you've got unique passwords on every site you use then you're in trouble.
I get furious anytime I sign up and someone emails me my account details password included - not only are they storing it incorrectly, they're also wafting my data around the place in a way I didn't agree to.
"Remind me" should be renamed. The rebuilt BE website gives me fury anyway, it's why I switched off their service. Bloody impossible to find anything on it.
Posted by: Fire_brand | Nov 29, 2011 at 14:58