I just had a FREAKOUT because I suddenly forgot my last.fm password, and because I signed up in 2005, I didn’t have an email address associated with my account (shit was super weird back those days, huh?) and couldn’t remember whether or not I actually used my correct birthday, so I had no password reset options.
BUT it turns out I was still logged on through one of my accounts, and through what is a SERIOUS SECURITY FLAW, last.fm allows you to change or enter your email address in your settings without entering a password. (Seriously, last.fm, that is bad practice!!!)
So, long story short, I am thankful for websites that don’t have their shit together re: password security, and am becoming slightly uncomfortable with how I am using 1Password as a memory replacement.
