Change to forum log in process

[Alan W]

I'm planning to make a change shortly to the way people log in to this forum. Instead of specifying user name and password, you will specify email address and password.

The reason for this is that somebody has been trying to get into the forum by repeatedly attempting to log in with various user names, taken from recent forum posts. The error log is full of failed log in attempts - there has been one every few minutes for several days. This is not something personal against us - it has been happening to many forums that use the same forum software, SMF. It is undoubtedly a completely automated process. Presumably the passwords being tried are random, and I can't see any sign that any of these attempts has been successful.

I have no idea what is the intention of these would-be intruders - maybe just to post spam in as many forums as they can. Probably their chances of succeeding are not very good in any particular forum, but I'd rather not leave it to chance. Also, there is a danger of a forumite's account being suspended because of too many failed login attempts.

Since emails are hidden by default, the new method of logging in should be more secure. Some other forum administrators have used this approach successfully.

If you use the "always stay logged in" option, you will only need to input your email address once. After that, you will be automatically logged in, as before. If you're not sure what email address you gave when you joined the forum, you'd better check it now - it's in your profile.

I'll probably make this change in a day or two.

[technomc]

My email is different from when i joined up...i have changed my profile to include my new email address...is this likely to cause a bother???

I hate change....but can see why you are doing it Alan....

[anonsi]

Thanks, Alan! I'm all for doing anything we can to stay one step ahead of these jerks!

[nineoaks]

Dear Alan:

 ...So, in a day or two, I won't be able to log in, but a screen will appear asking for my password, at which moment I will enter my email address, right? In other words, I can't make the switch until you implement the new procedure. Yes?

Thanks for your vigilance,

nineoaks

[Alan W]

That's right, nineoaks, you'll probably get a message saying "That email address doesn't exist" and a form will appear where you can log in using your email and password.

[ilandrah]

Also a good time to revise your password.
The strongest passwords have letters, symbols, numbers and a variety of upper and lower case.
It is also advisable to use a word that doesn't exist in a dictionary - adapting the characters is a good way to do this.
As an example P4$sword is much more difficult to crack that password.
It is further advised by experts that you have a different password for each login, so if one account becomes compromised and a hacker gains access to your personal information they still wont be able to easily access your other accounts.

[Nova]

Oops, the email I have given is one I use only when
I register to internet sites, and that so rarely, that I
have to reactivate my account every time I use it!
Will this be a problem? (I can change to my real
email address if necessary, by now I will trust
you with my real name, Alan!) 

[Alan W]

Nova, it doesn't matter whether the email address you have used is still active. In the new login process it will be used merely as a way of identifying you - in other words, it's just another string of characters. (But it has the advantage that, unlike your user name, it's invisible to most visitors to the forum.)

[Alan W]

I have now made this change.

If anyone is unable to log in to the forum, email me at forumadmin@lexigame.com, and I'll sort things out.

Sorry for any inconvenience.

[TRex]

I have now made this change.

I didn't have to do a thing. (That was easy!)

Well done, sir!

[Alan W]

It turned out to be less troublesome than I'd anticipated - at least for those of us who had previously logged in "forever". Our existing login status is still recognized.

[Alonzo Quixote]

I just logged off and then logged back in.  There was nothing different than when I had logged in previously. It was absolutely seamless.

Perhaps the changes you just made will effect only those people who have not logged in before...

[Alan W]

Well, it's certainly stopped the bad guys' login attempts, so I'm happy!

[technomc]

Here i am..logged in...It worked a dream.

[ada]

I see RM has done it again!
That is, she got all the common words without contaminating her list with any of the 'rarer' ones.  I reckon that is really clever and there ought to be a special prize for that; perhaps a double rosette if you one gets all the common words first.  That will make it trickier to do.
congratulations, RM for doing something I have never been able to do.
ada