Jump to content
IGNORED

Login Security Update - only allowing email sign in


Gloves
 Share

Recommended Posts

Administrator · Posted

Hey all, in the ongoing battle for keeping the site secure, we're going to be moving to email-only sign-in in the near future. 

What does this mean?

Currently you probably log in to the site with your username. You'll need to start logging in using the email you signed up with.

Why?

Security is the primary reason. Basically, your username is public information (everyone on the internet can see your username) and is currently half of the information needed to log into your account (the other half being your password). If you have a weak password (I imagine at least some folks do) then a malicious person would just have to guess your password (botting tools are often used) and they can gain access.

On the other hand, NOBODY knows your email on the site except for admins and moderators with special access.

When?

The site's login system has been as-is for a few years now, so a little bit more time won't hurt, but you all know security is important here and we want to do our best to support the community and keep your information as private and protected as possible. I anticipate that I'll press the proverbial button within a month's time. I'm making an announcement bar at the top of the site so everyone who logs in has a chance to see it.

 

If you have any issues or concerns let me know directly, or post in here. 

  • Like 11
Link to comment
Share on other sites

Member · Posted

As an oldschool internet dude, I've always been a little recalcitrant on the email-address-as-username thing, but this makes sense. So okay I'm on board.

And while I'm here let me just take this opportunity to also say thank you and no amount of thanks will ever be enough, for what you have done and continue to do for this community. It was really disappointing how N*Age ignored your honest suggestions for improvement or just maintenance, like the SSL cert, a pretty basic part of the functionality of any website. yeah 

 

And when they imploded by lack of care, you among others but you 

  • Agree 2
Link to comment
Share on other sites

Administrator · Posted
12 hours ago, Link said:

As an oldschool internet dude, I've always been a little recalcitrant on the email-address-as-username thing, but this makes sense. So okay I'm on board.

And while I'm here let me just take this opportunity to also say thank you and no amount of thanks will ever be enough, for what you have done and continue to do for this community. It was really disappointing how N*Age ignored your honest suggestions for improvement or just maintenance, like the SSL cert, a pretty basic part of the functionality of any website. yeah 

 

And when they imploded by lack of care, you among others but you 

As an oldschool internet dude myself, I appreciate your apt use of the term "recalcitrant".

  • Haha 2
Link to comment
Share on other sites

Editorials Team · Posted

One of my professors in college would go on scheduled tirades about (among other things) how bad Amazon's website was, how dumb we all were for not spending our time exactly as he did in college, and... how dumb websites were for using email addresses as logins. "email addresses change!"

Discussions would ensue, usually the same ones over and over.

Anyway, I'm just reminded of that professor. Thanks for keeping us secure @Gloves.

If anyone needs help choosing a nice, secure password, here are some suggestions: https://en.wikipedia.org/wiki/List_of_the_most_common_passwords

Link to comment
Share on other sites

Administrator · Posted
8 minutes ago, Splain said:

One of my professors in college would go on scheduled tirades about (among other things) how bad Amazon's website was, how dumb we all were for not spending our time exactly as he did in college, and... how dumb websites were for using email addresses as logins. "email addresses change!"

Discussions would ensue, usually the same ones over and over.

Anyway, I'm just reminded of that professor. Thanks for keeping us secure @Gloves.

If anyone needs help choosing a nice, secure password, here are some suggestions: https://en.wikipedia.org/wiki/List_of_the_most_common_passwords

Fortunately you can always change your email address on the site lol. Just gotta log in first! 

Link to comment
Share on other sites

Social Team · Posted
39 minutes ago, Gloves said:

Fortunately you can always change your email address on the site lol. Just gotta log in first! 

I don't know if it's good practice but I know some require you to approve the e-mail change be sending you an e-mail to that address you don't want to use any more.  I really wish I didn't use my college e-mail account for everything when I was in college.  But that could just be me not liking how my college handled my e-mail account 5 years later.  Though it IS a step up from using my AOL e-mail that I had prior to college.  Damn me for not realizing gmail was the real e-mail account to use for long term accounts.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...