I’m not picking on Gothamist, because this isn’t really their fault, but the standard password-recovery system that Movable Type (G’mist’s blogging app—and ours at Serious Eats) uses to send you your lost cypher is a bit logic-challenged.
In order to get my password, I have to remember my username and some secret recovery phrase I supposedly set when I signed up.
I haven’t commented in Gothamist in a while, and I wanted to give founder-editor Jen Chung props for her great coverage on the mysterious maple syrup smell. But I can’t for the life of me remember what I set as my password. I’m also unsure of what my username is. And if I can’t remember those things, do you really think I’m going to remember some word or phrase that is not easily guessed by people who know me or can Google some basic info*?
I’ve found that the best system for handling such requests is the email method. An email address is much less likely to change, and tying password-recovery to user email addresses solves both the forgotten-password and forgotten username problems.
*It’s always bad to use mother’s maiden name, street you grew up on, first pet name, etc., as a passkey phrase—especially if you’re a blogger. Chances are that you may have divulged that info unwittingly in some long-forgotten blog post or somewhere else online.