Story time: I’m an idiot who managed to forget the password to both my Plex account (sign-in via email) as well as the associated email’s password. With no remaining avenue for recovery, I felt an existential dread knowing that I would one day have my existing credentials expired and have no more ability to log into and manage my account.
While I am aware that I could simply move my server to a new account by invalidating the server preferences.xml, I was unsure how that would affect the accounts I am currently sharing libraries with. I have been forced to re-share libraries in the past and it often clutters the UI of those who don’t fully understand Plex’s customization features (ex. my elderly parents).
As a basic security measure, Plex requires users to know their current password in order to change it. However, linking a Google/Facebook account does NOT require retyping your password. This allowed me to essentially create a backdoor into my own account via a new separate login/password pair. This seems like a potential point of failure for security, but in its current form it actually helped me re-access core functionality like authorizing new devices. I am writing this both as a possible security warning for the developers and as a PSA for anyone who may find themselves in a similar situation to me.
