"Lost My Password"

Apologies if this has been dealt with before. New user here, and BW does a great job helping to create and then protect difficult to crack passwords. But it seems so many websites, even financial ones (or this forum), make it easy for a bad guy who has stolen/found your missing laptop/mobile, to simply skip trying to crack your great password. They just go to your bank/any other web site and click “lost my password”. So many of them require your email address as the user name, and then send an email with the new password, to the very device the bad guy is holding in his hands.

Short of requiring a password to read every one of the dozens of emails per day that come in, what’s the answer?


You need your stolen or lost device to have a password, pin, or some other lock and encryption. Then the device cannot be used to easily hijack your services. 2FA can help protect access to email from other sources outside of your devices.


Absolutely correct - thanks. I guess the only scenario where BW and any other security measures may be of little use, is those border crossing horror stories where the agents will seize and hold the phone/laptop (or even you), until you unlock everything in front of them. Hopefully some of the recent U.S. court rulings will reduce/eliminate these warrantless searches.