I prefer having to just hit “forgot password” over hitting first “forgot username” and then forgot password...
Even with the security risks I prefer email login. Logins are in 2 categories: a) stuff I don’t care if it’s compromised. Basically forum memberships, preferences on various sites such as retailers storing a shipping address but no payment details. b) Important things such as my email account.
For category a) sites (hundreds) I use a crap password that has been owned already. It’s 5 chars and the same on most sites. It’s been in pwned dbs for years. I can’t be bothered to use a person manager if it’s more work than 5 keystrokes to do on any platform.
For category b) sites (say ten or something) I use long unique passwords and 2FA.
Obviously it’s better to put everything in b), but I’m lazy. So as a good second best I take good care of the important passwords.
Even with the security risks I prefer email login. Logins are in 2 categories: a) stuff I don’t care if it’s compromised. Basically forum memberships, preferences on various sites such as retailers storing a shipping address but no payment details. b) Important things such as my email account.
For category a) sites (hundreds) I use a crap password that has been owned already. It’s 5 chars and the same on most sites. It’s been in pwned dbs for years. I can’t be bothered to use a person manager if it’s more work than 5 keystrokes to do on any platform.
For category b) sites (say ten or something) I use long unique passwords and 2FA.
Obviously it’s better to put everything in b), but I’m lazy. So as a good second best I take good care of the important passwords.