Help Derpina keep her reddit account
September 3, 2012 1:31 PM Subscribe
How do I keep my reddit account despite having derped my password?
I'm an idiot – I've done this once already.
I participate in a local reddit community, and I've forgotten my password.
I am currently logged into the account, but I can't change the password without knowing it and being able to enter it. At some point the cookie will die, or I will want to log in from another machine, so I need to know it.
I did not set up an email address, like an idiot – and I can't do that now either without entering a password!
Anyone know if there's a workaround for this? I've already lost one reddit account and I don't want to lose this one.
I'm an idiot – I've done this once already.
I participate in a local reddit community, and I've forgotten my password.
I am currently logged into the account, but I can't change the password without knowing it and being able to enter it. At some point the cookie will die, or I will want to log in from another machine, so I need to know it.
I did not set up an email address, like an idiot – and I can't do that now either without entering a password!
Anyone know if there's a workaround for this? I've already lost one reddit account and I don't want to lose this one.
If you can't find your password, you will have to hack your reddit account or re-register. http://code.reddit.com/wiki/help/faqs/help#Iforgotmypasswordbutneverregisteredane-mailaccount.CanIstillresetmypassword
posted by michaelh at 1:48 PM on September 3, 2012 [1 favorite]
posted by michaelh at 1:48 PM on September 3, 2012 [1 favorite]
I'm a bit suspicious of this. How do we know this isn't somebody who just came across somebody's active login and is trying to take over their account? Most accounts have password recovery options that will email the owner to confirm. Why is this not an option for you?
posted by Raichle at 2:16 PM on September 3, 2012
posted by Raichle at 2:16 PM on September 3, 2012
If I'm reading the question correctly, it's not an option because there's no email address set up with the account.
posted by box at 2:21 PM on September 3, 2012
posted by box at 2:21 PM on September 3, 2012
Raichle and Box: Reddit makes providing an email address when registering a user name optional to give users a way to increase their anonymity.
posted by carmicha at 2:30 PM on September 3, 2012
posted by carmicha at 2:30 PM on September 3, 2012
Response by poster: I am a legitimate user and not trying to hack into an account that does not belong to me. I have no way to prove this, of course, but I attest this as someone who has been on Metafilter for some years and participated here honestly.
I did not establish an email account with reddit, which I completely admit was stupid.
I can't extract the password from either browser I have used.
posted by zadcat at 3:03 PM on September 3, 2012
I did not establish an email account with reddit, which I completely admit was stupid.
I can't extract the password from either browser I have used.
posted by zadcat at 3:03 PM on September 3, 2012
Are youn OS X, and if so have you searched your Keychain for 'reddit'?
posted by zippy at 3:12 PM on September 3, 2012
posted by zippy at 3:12 PM on September 3, 2012
On the off chance: Do you use RES, and might you have at some point configured RES's account-switching? If so, RES knows your password.
(It's easy to forget you've done this, since the UI for this is now just a tiny little Reddit alien.)
posted by mendel at 3:17 PM on September 3, 2012
(It's easy to forget you've done this, since the UI for this is now just a tiny little Reddit alien.)
posted by mendel at 3:17 PM on September 3, 2012
Response by poster: I am on OS X and frankly do not know how to get to the Keychain.
I do not knowingly use RES.
posted by zadcat at 3:49 PM on September 3, 2012
I do not knowingly use RES.
posted by zadcat at 3:49 PM on September 3, 2012
Response by poster: OK, the password is clearly not in my Keychain.
posted by zadcat at 3:54 PM on September 3, 2012
posted by zadcat at 3:54 PM on September 3, 2012
Best answer: Pretty sure you're boned unless you can plead with an administrator.
However, Reddit session cookies are very long-lived. They're set with an expiration date of the last UTC second of 2037, which is shorthand for "never expire". (Systems that use a 32 bit signed integer to represent Unix epoch time will roll over and fail in January 2038, so the end of 2037 is commonly used as the maximum date value in such systems, which is where the arbitrary date comes from.) You could copy the reddit_session cookie value from your browser and save it in a text file for safe keeping in case you clear your cookies for some reason. You could even transplant it from one browser to another in order to be able to access the site from another machine. How this is done depends on the browser; I like to use Cookies Manager+ for Firefox.
posted by Rhomboid at 4:39 PM on September 3, 2012 [1 favorite]
However, Reddit session cookies are very long-lived. They're set with an expiration date of the last UTC second of 2037, which is shorthand for "never expire". (Systems that use a 32 bit signed integer to represent Unix epoch time will roll over and fail in January 2038, so the end of 2037 is commonly used as the maximum date value in such systems, which is where the arbitrary date comes from.) You could copy the reddit_session cookie value from your browser and save it in a text file for safe keeping in case you clear your cookies for some reason. You could even transplant it from one browser to another in order to be able to access the site from another machine. How this is done depends on the browser; I like to use Cookies Manager+ for Firefox.
posted by Rhomboid at 4:39 PM on September 3, 2012 [1 favorite]
Response by poster: No, I have not spoken to anyone on reddit.
This has happened to me before (forgetting to establish an email link and losing an account) and that time it was clearly futile to try to find a mod, because they don't seem to give a damn.
Not saying they should run around cleaning up after careless users, but I assumed from the top here that trying to ask on reddit itself was pointless. Do you know otherwise?
posted by zadcat at 4:10 AM on September 4, 2012
This has happened to me before (forgetting to establish an email link and losing an account) and that time it was clearly futile to try to find a mod, because they don't seem to give a damn.
Not saying they should run around cleaning up after careless users, but I assumed from the top here that trying to ask on reddit itself was pointless. Do you know otherwise?
posted by zadcat at 4:10 AM on September 4, 2012
Moderators on reddit have relatively limited abilities, and all of them are things specific to their subreddit. For something system-wide like a password issue you'd have to get in contact with an actual administrator, of which there are a surprisingly small number given the site's size and traffic. (At some point in the past you could send a PM to /r/reddit.com and it would reach all the admins. I don't know if that still works after they decommissioned /r/reddit.com. It's still listed as a viable method on the feedback page.) The /r/help FAQ says there's nothing that can be done so it would basically be special pleading.
posted by Rhomboid at 5:41 AM on September 4, 2012
posted by Rhomboid at 5:41 AM on September 4, 2012
Best answer: Does Reddit allow multiple browsers to be logged into the same account at the same time? If so, start doing this:
1. Open a web browser other than the one already logged into Reddit. If you don't have anything besides Safari installed, get a browser.
2. Start a text file. This is going to log all the passwords you try. That's right, you are going to be cracking your own account.
3. Every few hours or so, attempt logging in a couple more times through the second browser. Don't make too many attempts in a row, since Reddit will probably lock down the form if you do. When each password fails, mark it as such in the scratchpad file. Don't ever erase anything in the scratchpad file -- you need that log to refer to so that you don't waste time re-trying passwords.
Keep in mind this only has a plausible chance of working if you're pretty sure your password is along the lines of one of your default password formulas ("thingy", "th1ngy", "ygn1ht",...). At that, it might take a few weeks/months/years of trying. If the password is in the realm of validly-secure, you're probably stuck with what Rhomboid suggests.
posted by ardgedee at 4:35 AM on September 5, 2012
1. Open a web browser other than the one already logged into Reddit. If you don't have anything besides Safari installed, get a browser.
2. Start a text file. This is going to log all the passwords you try. That's right, you are going to be cracking your own account.
3. Every few hours or so, attempt logging in a couple more times through the second browser. Don't make too many attempts in a row, since Reddit will probably lock down the form if you do. When each password fails, mark it as such in the scratchpad file. Don't ever erase anything in the scratchpad file -- you need that log to refer to so that you don't waste time re-trying passwords.
Keep in mind this only has a plausible chance of working if you're pretty sure your password is along the lines of one of your default password formulas ("thingy", "th1ngy", "ygn1ht",...). At that, it might take a few weeks/months/years of trying. If the password is in the realm of validly-secure, you're probably stuck with what Rhomboid suggests.
posted by ardgedee at 4:35 AM on September 5, 2012
Response by poster: ardgedee was right. I did what he suggested and tried various of my silly password-generating algorithms and hit on the right one. Bravo ardgedee.
posted by zadcat at 6:30 PM on September 30, 2012
posted by zadcat at 6:30 PM on September 30, 2012
This thread is closed to new comments.
posted by COD at 1:44 PM on September 3, 2012 [1 favorite]