Passwords are a necessary burden:

If we lived in a perfect world passwords would not be necessary, but let’s face it, most of us are curious, and some of us are nefarious. 

Reasons why people need to reset their passwords:

Most of the time, when someone wants to reset a password, it is for an innocent reason, such as when a person cannot remember what password they set when they registered for an account on a website because they only log into the website once a year (I could see this happening at tax preparation websites). Another common, but innocent, reason is when someone relies on their web browser or phone app to just remember the password for them; however, for some reason, the browser or app is unavailable. Occasionally, someone impersonates a victim to reset the victim’s password in order to do something unethical, and it is those people we must thank for the complicated process of resetting our passwords. 

Thanks to them, there are security questions we will need to answer, emails we will need to check for, and additional codes we will need to type in. Below are the most common procedures or workflows that websites will have you follow to reset your password.

The top seven procedures for resetting your password:

  1. Have system admin reset your password. If you are at work, school, or another organization and you cannot remember your password to login to your computer workstation or other system, then you can probably ask your IT department to have the System Administrator reset your password for you. This means that they will temporarily set it to something simple that you can type in, and then after you login, the system will require you to replace the temporary password with something stronger. I see this method employed in smaller organizations.
  2. Security questions. If you have been using websites for a long time, you probably have heard of the next password reset procedure: Answering security questions. This is where you select three or so questions that ask for private information that others are less likely to know, such as what was the name of the first person you kissed or what was the name of your first pet. There are two ways to answer these kinds of questions: honestly or by making something up. For example, if one of the questions is, “who what your first-grade teacher?”, you could enter in the real name of your first-grade teacher (e.g., Mrs. Jackson), or you could make something up (e.g., scooby doo).
  3. Windows PC. If you are using a Windows 10 PC, version 1803 or greater, then when you first set up your PC, you would have been given the opportunity to type in answers to security questions like in the paragraph above. To provide Windows with answers to these questions after your PC is already set up, click the Start button > Settings > Sign-in options > Update your security questions. Another way to get in when you have locked yourself out is called a password reset disk, but you must set it up BEFORE you forget your password. To use this method, you have your PC save a small key file onto a USB flash drive which you provide (make sure to store the drive in a safe place). When you need it, you plug the USB flash drive into the PC, click the “Reset password” link on the login screen and then tell  Windows to use the key file. This will authorize Windows to start up the password reset procedure. To make your password reset disk, click on the Start button and type into search box, “create password reset disk” and then click on the password reset disk program that displays in the results list.
  4. Password reset email. Emailing you a login link is another way that some websites let you reset your password. The reasoning here is that even if you forgot your password to the website you are trying to log into, you are likely to still have access to your email account and can open a one-use hyperlink (blue underlined web addresses that turns your mouse pointer into a hand) if it was emailed to you. The link usually leads to a password reset page for your account on their website. If you reset your password this way, then do not wait to click on or tap the link in the email message they send you or else the link might expire. The lifespan on these links is usually anywhere from five minutes to seventy-two hours. If your email provider uses this password reset method, then hopefully you can see why you need to have a second email address on file with the first email provider so that the first provider can send you the one-time link to the second email address. It would be a good idea to have a different password on the second email account than you have on the first email account because you might be locked out of both if you forget the password. 
  5. Password reset text message. Some websites that have your cellphone number on file will do something similar to emailing a password link as explained above with two main differences: 1) the website will send you a text message instead of an email and, 2) there is a code in the text message instead of a hyperlink. After you read the text message they send, you will need to enter the code into a box that will display on the webpage. Doing this leads to a webpage where you can reset your password.
  6. Confirm on another device. Another method to reset your password is to have you confirm your identity on another device connected to your account. I have helped people do this with their Google accounts where they click the, “Forgot your password” link on the Google login webpage, and after they enter the last password for Google that they can remember, then, to confirm their identity, Google asks them to confirm their identity by unlocking their Android smartphone or tablet and responding to a notification displayed on its screen. The logic here is that Google can be confident that the person who is requesting a password reset is authorized to do so because they can 1) enter in the correct email address and 2) last password used on the account, 3) can unlock a smartphone or tablet associated with the account, and finally 4) respond to the notification properly. At this point, Google may let that person into the account, but at other times, it will ask the person to do something else to prove their identity, such as answer security questions or type in a code sent to their phone.
  7. Login on another device. Some systems will require you to login to them via another device that is already connected to the system. For instance, if you forget your password for Dropbox.com, often you will need to go to another one of your computers on which you already have the Dropbox software installed and connected to your Dropbox account, and use that PC’s Dropbox software to login to the Dropbox website for you to reset your password.

Members of the Library’s Digital Services team are familiar with the seven procedures described here and are ready to help you reset password via telephone (541-734-3990) or Zoom video conferencing, or if you bring your device into the Medford Library. Digital Services is not able to schedule appointments at other branches yet, but hope to be able to do so in the coming months. When appointments become available again, you can schedule one by email at digitalservices@jcls.org