Retardo? Feature request: option to disable login by username (email-only)

[Luke Skinwalker]

Usernames are publicly visible to all. Emails are private, none can see anyone else's email but the user and admins (can regular mods, a.k.a. Crispy see them? I sure hope not. Fuck off, you old turd! STOP LOOKING AT MY EMAIL ADDRESS!)

There's not much of a chance of someone managing to HAXXXORZZ someone's account just by knowing their username, but nonetheless, I would like an option to disable login by username, and make it by email+password+2FA+3FA+IP address+five secret questions+magic ritual+solving Fermat's theorem only.

If it's too hard to make this a global setting, then allow for each account to decide that for xirselves in our account settings.

Thanks,
Sherry
This post is pending Infintroon's approval

 

[Vic]

I request a login via secret handshake.

 

[mediocrepoet]

I request a login via secret handshake.

Just wait. Mandatory rectal scans are coming soon.

 

[Vic]

TAKE MY VIRGINITY CRISPY

 

[ds]

Login should be reduced to a single button without any input fields. When you click it our friendly mossad agent will decide in real time if you are allowed to log in and which account belongs to you.

 

[DarkUnderlord]

There's a mod that does this. But I'd need huge numbers of people wanting it before I considered it, as it does become a global setting. It also becomes another mod we have to carry around every-time there's an update, so if it's not updated, it's back to default.

 

[Sergio]

I request a login via secret handshake.

Just wait. Mandatory rectal scans are coming soon.

NOW you're telling me it wasn't mandatory?

 

[Semiurge]

I still don't know why this is needed.

 

[InD_ImaginE]

There's a mod that does this. But I'd need huge numbers of people wanting it before I considered it, as it does become a global setting. It also becomes another mod we have to carry around every-time there's an update, so if it's not updated, it's back to default.

Use email and disable 2FA?

After all can't bruteforce if you don't know the email.

2 problems are solved this way

 

[Luke Skinwalker]

There's a mod that does this. But I'd need huge numbers of people wanting it before I considered it, as it does become a global setting. It also becomes another mod we have to carry around every-time there's an update, so if it's not updated, it's back to default.

Y... you're alive?!

 

[Haba]

Use email and disable 2FA?

After all can't bruteforce if you don't know the email.

2 problems are solved this way

Nah, if they have your password, they also have your email address.

 

[Clockwork Knight]

I still don't know why this is needed.

It's one extra thing for someone to guess, right now the site asks for "your username or email" and your password.

 

[Twiglard]

I'm not convinced that people with these leaked password databases don't have the email as well.

 

[Luke Skinwalker]

I still don't know why this is needed.

It's one extra thing for someone to guess, right now the site asks for "your username or email" and your password.

What extra thing, you don't need BOTH the username AND the email, just one of them. The usernames are all public, so a potential hacker already has all of them.

 

[InD_ImaginE]

Use email and disable 2FA?

After all can't bruteforce if you don't know the email.

2 problems are solved this way

Nah, if they have your password, they also have your email address.

I mean yeah if they got it from a leak there is nothing you can do anyway

But the mass delete in ukraine thread iirc was because of brute force? O r was it due to leak? Because that was what causing mods went full gay with 2FA right?

 

[Haba]

Use email and disable 2FA?

After all can't bruteforce if you don't know the email.

2 problems are solved this way

Nah, if they have your password, they also have your email address.

I mean yeah if they got it from a leak there is nothing you can do anyway

But the mass delete in ukraine thread iirc was because of brute force? O r was it due to leak? Because that was what causing mods went full gay with 2FA right?

Not brute force. People use the same username/password combo on multiple sites, site gets hacked, data gets leaked.

 

[Semiurge]

Does it still take decades to brute force a strong password with dozens of letters - both upper and lower case, numbers and misc. characters? I imagine brute forcing is simply not worth it anymore as there are easier ways to obtain passwords and other session tokens.

 

[Nano]

I request a login via secret handshake.

Just wait. Mandatory rectal scans are coming soon.

Can't wait to compare rosebuds with the guys here.

 

[Stella Brando]

Men should have to send proof that they're 190 cm/6 feet tall

 

[Luke Skinwalker]

190 cm/6 feet tall

That's two very different heights, xister.

 

[Cohesion]

190 cm/6 feet tall

That's two very different heights, xister.

You won't make either being asian midget. The difference is moot.

 

[Luke Skinwalker]

190 cm/6 feet tall

That's two very different heights, xister.

You won't make either being asian midget. The difference is moot.

I am exactly 6 feet tall, tataro-mongol.

 

[Cohesion]

190 cm/6 feet tall

That's two very different heights, xister.

You won't make either being asian midget. The difference is moot.

I am exactly 6 feet tall, tataro-mongol.

Good for you. I am 190cm ARYAN.
When you prayed to your judeo-christian cuck god I've studied blade.

 

[Luke Skinwalker]

Good for you. I am 190cm ARYAN.

You're persian? They're fairly brown and very much central asian. Also, a 5cm difference is completely irrelephant.

 

[muckguppy]

login by sticking my dick in your ass