Re: Username VS User name VS alternatives
Reply #6 – December 30, 2013, 06:44:32 pm
Email login seems like a better option. Keeps the bots from scanning the pages picking up usernames like what happened some time ago. Sites were getting slammed with those bots trying to brute force a user name login. Keeping login username hidden is just one small step to better security IMO.
Re: Username VS User name VS alternatives
Reply #7 – December 30, 2013, 06:49:46 pm
Yup what IchBin said. Should also require a real name on the registration form, or just use the stuff left of @ in the email. All that plus harmonize those darn names in the code, you know names are names and id's are id's !
Re: Username VS User name VS alternatives
Reply #8 – January 18, 2014, 05:43:30 pm
emanuele
Global Moderator
I was thinking about it a bit more: there is also (maybe) another point to consider: integration with other systems. For example, as far as I understand, the integration with MediaWiki works only if there is a username, and use the email address as username is not so nice usually. So, what we could have to do, is keep the member_name, and use it for a sort of normalized username (strip or replace with _ or other, anything that is not... [\w\d\-]) in order to be used in case. This member_name would remain the same no matter what and no interface to change it. ETA: forgot to add a piece: obviously, that may cause member_name clashing, so during registration it would be necessary to check if another one already exists and in case... dunno, add a 1 at the end and check again or something smarter...