Dear Apple (and many others),
When you tell me to click here to “retrieve my password”, why won’t you let me simply retrieve my password!? Instead, you make me change it. I don’t want to change it. I have a good password that meets all your stupid criteria, I like it. My account has not been hacked. I answered your security questions – which I imagine are designed to establish that my account has not been hacked and it is indeed Muttrox at the other end. So why do should I need to change it? Stop making me change it!! And if I have to change it, tell me that up front! Don’t tell me I need to click here to be reminded of my password, and then get in a system where that password can never be used. Don’t lie to me.
Thank you.
On many (well designed in terms of security) sites it’s not possible to retrieve your password because it’s only stored in one-way encrypted form (the encrypted string is in the database and when you provide your password, the authorisation code can encrypt it and see if it matches the string in the database – however, if you only have the encrypted version, it’s not possible to determine the plain text version). But I agree that the link should clearly state ‘Reset your password’ so it wouldn’t mislead you.
completely agree! I hate that!!