I’ve been changing a lot of passwords recently. One thing I’ve learned is that it’s sometimes hard to find the place for changing your password. Every site seems to have its own settings arrangement.
In some cases I’ve found it easier to just say that I “Forgot password.” In that case, I get an email that resets the password and gives me an opportunity to enter the new one. One advantage is that I don’t have to enter the old password, which eliminates a step when generating a new one.
However, perhaps this method is less secure? Any other problems with this technique?
I recently went through the process of changing all my passwords, following the LastPass security breach. In most cases, I was able to use the “change password” feature offered by the required site, but often, like you, I had to resort to the “forgot password” method. While I can’t offer any informed insights on whether there are any downsides to using this method, I can say that I personally didn’t encounter any issues. I think it’s fine.
I think it’s the most convenient. Some of the LastPass people recommended this method as the main method to massively change passwords, because it takes the least time.
Practically, it’s pretty safe. Somebody would have to see the email/SMS to have any effect, but then you would see the effect right away.
The only caution may be to delete the message afterward, just in case the site screws up and allows resetting the password more than once with the link.