Locked out again??? You know the drill — you’ll need to reset your password. And that whole reset process can seem really confusing. Why can’t you just click some “RESET” button right there and be done with it? Why does the reset process use email? Why doesn’t clicking the link in email just reset your password? The whole thing seems designed to frustrate and confuse.

A diagram of each step in the process to reset your password for any website.

The main reason it appears more complicated than you think it should be is that the reset process is designed to maintain security. Your security, first and foremost. It would certainly be way more confusing if anyone could show up at any website where you have an account (your bank, maybe?) and click a button to reset your password. Maybe even log in then. So first and foremost this process is designed to ensure that only you can change your password.

A reset uses email because every user account stores your email address, and email addresses are, generally speaking, unique to a person. (Yeah, we all know some sweet couple that shares a single email address. But that’s nutty, right?) The reset process sends you an email so that you are the only person that can change your password.

Let’s walk through each step of the process, starting with not remembering your password…

The Reset Password Process

Ok, it’s been a while since you last logged in, and now you don’t remember the password for your own website. What do you do? You start by clicking a link there near the login screen, a link that says something like “Lost your password?” That initiates the process.

Next, you are asked for your username or your email address. Why is this? Because if you haven’t logged in, the website doesn’t know who you are. You need to identify yourself. If you provide your username, the website can look up your email address and send you a message. If you provide your email address, the website can check for a user with that address, and send you a message. Either way, you have provided sufficient info for the website to send you — and nobody else but you — a unique link in an email.

Next, check your email. If you don’t find the expected email in your Inbox, check for it in Spam or Junk. You open the email and there is a link you need to click on. One important thing you need to know about this link — it is time sensitive. You need to click it soon. So don’t go off and make a sandwich. Don’t forget what you need to do next. You need to click that reset link.

Click the link and it takes you right back to the website you’re trying to log into. But this time you are not looking at a Login screen, you are looking at the Password Reset screen. Finally! This is where you can actually set a new password. If this is a WordPress site, there will already be a suggested password typed in for you. It will be a long string of random upper/lower case letters, numbers, and other characters. That is a good strong password! Why not go with it?
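What the website does behind these steps, as an added example in Python that is not from the original post or from WordPress: it looks you up by username or email, mails a random link that expires, and accepts that link only once. The class name, the 15-minute lifetime, the site.example URL and the sample user are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds a reset link stays valid (assumed value)
SAMPLE_USERS = {"pat": {"email": "pat@example.org", "pw_hash": None}}  # constructed

class ResetService:
    """In-memory stand-in for a website's reset logic (hypothetical)."""

    def __init__(self, users):
        self.users = users    # {username: {"email": ..., "pw_hash": ...}}
        self.pending = {}     # sha256(token) -> (username, expiry time)
        self.outbox = []      # (email, link) pairs instead of real mail

    def _find(self, identifier):
        # The form accepts either a username or an email address.
        if identifier in self.users:
            return identifier
        for name, rec in self.users.items():
            if rec["email"].lower() == identifier.lower():
                return name
        return None

    def request_reset(self, identifier, now=None):
        now = time.time() if now is None else now
        user = self._find(identifier)
        if user is not None:
            token = secrets.token_urlsafe(32)   # random, unique per request
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.pending[digest] = (user, now + TOKEN_TTL)
            link = "https://site.example/reset?token=" + token
            self.outbox.append((self.users[user]["email"], link))
        # Same reply either way, so the form does not reveal who has an account.
        return "If that account exists, a reset email has been sent."

    def redeem(self, token, new_password, now=None):
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # single use: gone after one try
        if entry is None or now > entry[1]:
            return False                        # unknown, reused or expired
        salt = secrets.token_bytes(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 600_000)
        self.users[entry[0]]["pw_hash"] = (salt, pw_hash)
        return True
```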

Choose a Good Strong Password

Use copy and paste to enter this good strong password. To use the suggested password, use your keyboard or a mouse-click to copy it. Now the password is on your “clipboard” (on your computer). You have it handy, ready to paste. Hold that thought.

Go ahead and click the “Reset” button. This is the moment where you are telling the website, “This is the password I want to use.”

Next step: LOG IN! The website likely has already sent you back to the Login screen when you hit that Reset button. So here’s where you type your Username, and PASTE your password.

Congratulations, you just logged in. But this is also the moment when you could blow it. You need to store that password so you can use it again next time you need to log in. Your computer, or your web browser right at this moment is probably asking you if you would like to store your login credentials. Do it! Save that password so you don’t have to reset your password again next time you need to log in. It’s a hassle, and you don’t want to keep doing it over and over again.

Where to Store Your Password

Maybe you know from experience that you better write your password down. If you manually store all your passwords in a Word document, then maybe now would be a good time to go paste the password there. Having done that, maybe you should also hand-write the password on a Post-It you can stick to your screen. These are a couple common methods to keep a password handy, if you don’t trust your computer to remember it for you.

But if you get used to having your computer or your web browser just remember passwords for you, that is a more secure and reliable way to keep this password, and many other passwords, safe and easy to use.

On a Macintosh computer, passwords are stored in your “Keychain” application. If you ever need to look at your passwords or copy/paste a password, that’s where you will find them. On an iPhone or iPad, passwords are stored in “System Preferences > Passwords and Accounts.” On a Windows computer or an Android phone or tablet, there will be a similar place where all your passwords are stored. If you use Firefox or Chrome as your preferred web browser, maybe you store the password there. By storing your passwords on your computer or right in your web browser, ideally you never have to look at your password again. It just pops up right when you need to use it.

There are other places where you can store passwords. LastPass is a good one, which also allows you to securely send a password to someone else if you need to. Or you may be using a “Password Wallet” app on your phone, so you always have passwords close at hand. You can copy and paste from these applications, so you never have to type your password. If you use strong passwords they will be very difficult to remember and to type by hand.

Final Words of Caution

In this post I am encouraging you, dear reader, to use a good strong password consisting of a long random string of characters. Make it 10 characters or more. You probably have many online accounts, and they are all valuable to you, so keep them safe. You do not want your password to be the weakest link a hacker might use to gain access to your own website or any other online account.

For this reason, you should not use a password that can be found in a dictionary. (It is vulnerable to a simple “dictionary attack.”) And you don’t want it to be the name of a spouse or a child or a favorite pet — a stealthy hacker can easily acquire all those likely passwords. And you don’t want to use a string of numbers such as your zip code or phone number or street+house+apartment number. That is just way too easy for someone to guess and steal. And god help you if you use “password” or “12345” or “qwerty” as your actual password. That’s as good as leaving your car unlocked or your front door open.

And one more thing — I know it’s so tempting but — do not use the same username and password for all the various places where you need to log in. I’m gonna say it: That’s just dumb.

So learn the “reset your password” routine; hopefully you will only need to reset very infrequently. And use strong passwords for everything you want to keep safe. These are rules to live by, not just for your own business or personal website, but also for your Facebook and Twitter, your online banking, your retirement accounts, PayPal, Amazon, or any other online store where you shop regularly. If you use your local library website or your local utility or phone company website, use strong passwords there. Do this. This is how you keep all your online stuff safe.