Poll

We are thinking of forcing log-in by email address rather than visible user name. This should cure the spambot-driven logouts some users are experiencing. Is this?:

an unacceptable inconvenience
3 (5%)
slightly irritating
7 (11.7%)
no problem
42 (70%)
sesame honey baklava
4 (6.7%)
unfair to spambots
4 (6.7%)

Total Members Voted: 60

Author Topic: Possible log-in change - feedback and votes please  (Read 3798 times)

Offline bubba

  • Administrator
  • forum hero
  • *****
  • Posts: 2736
Possible log-in change - feedback and votes please
« on: February 20, 2011, 11:00:28 am »
Echoing a similar topic started by Toby on ukbouldering:

Bubba thinks this is the way forward. Anyone have any concerns or problems? All registered users already have email addresses registered at the site - you can find yours at your profile.

An obvious problem is infrequent users who aren't aware of the change in procedure and have forgotten their registered email address. This can obviously be solved by a manual process (email the admins) but some people may not be arsed ...
=:blubba:=

[ nsfw ]

Offline Elaine

  • forum hero
  • *****
  • Posts: 2187
  • Axbridge Caving Group
Re: Possible log-in change - feedback and votes please
« Reply #1 on: February 20, 2011, 11:19:17 am »
Would this be a problem where two of us share an email address?
Wot tiny writing!

Offline bubba

  • Administrator
  • forum hero
  • *****
  • Posts: 2736
Re: Possible log-in change - feedback and votes please
« Reply #2 on: February 20, 2011, 12:30:39 pm »

You can't / shouldn't be sharing an email address.

By that I mean you can't register two profiles with the same email address - the forum won't let you.
=:blubba:=

[ nsfw ]

Offline JessopSmythe

  • obsessive maniac
  • ***
  • Posts: 382
  • SWCC
    • South & Mid Wales Cave Rescue Team
Re: Possible log-in change - feedback and votes please
« Reply #3 on: February 20, 2011, 02:04:30 pm »
Like Bubba said on the forum woes thread, if you use a decent password manager like LastPass then the change won't affect you anyway.
"If at first you don't succeed, try again. If that doesn't work, quit. There's no point being a damn fool about it" Homer Simpson

Offline Hughie

  • forum hero
  • *****
  • Posts: 1630
  • SMCC & ACG (finally paid my subs)
Re: Possible log-in change - feedback and votes please
« Reply #4 on: February 20, 2011, 03:50:24 pm »

You can't / shouldn't be sharing an email address.

By that I mean you can't register two profiles with the same email address - the forum won't let you.

But it does......
Just done it.

Offline bubba

  • Administrator
  • forum hero
  • *****
  • Posts: 2736
Re: Possible log-in change - feedback and votes please
« Reply #5 on: February 20, 2011, 04:15:53 pm »
Really? Are you sure?

I've just tried to register another account using the email address in use on this one and it wouldn't let me.

I then tried to change another already existing account to use that email address and it also wouldn't let me.

Please let me know how you got round the checks, and the two profiles involved. I've checked your profile and there's only one user using your email address.





=:blubba:=

[ nsfw ]

Offline bubba

  • Administrator
  • forum hero
  • *****
  • Posts: 2736
Re: Possible log-in change - feedback and votes please
« Reply #6 on: February 20, 2011, 06:41:59 pm »
Also, it'd be interesting to hear from those who have voted for "unacceptable inconvenience".  Presumably if you have chosen this option then if we implement these changes you will no longer be using the forums.

Is this because you haven't been repeatedly logged out by bots, don't care that loads of other people have been, or just can't be bothered typing a different series of characters in order to gain access? Or is it something else?
=:blubba:=

[ nsfw ]

Offline Anon

  • Nobody
  • Newbie
  • *
  • Posts: 2
Re: Possible log-in change - feedback and votes please
« Reply #7 on: February 20, 2011, 06:46:19 pm »
Is this because you haven't been repeatedly logged out by bots, don't care that loads of other people have been, or just can't be bothered typing a different series of characters in order to gain access? Or is it something else?
Sounds about right.
I'm all for the changes and can't see why it would be an inconvenience in the slightest!

Offline Les W

  • Hard cavin'
  • forum hero
  • *****
  • Posts: 5195
  • Wessex Cave Club, UCET
    • Wessex Cave Club
Re: Possible log-in change - feedback and votes please
« Reply #8 on: February 20, 2011, 06:50:16 pm »
But unless you log on at a shared computer, you only need do it once and let it remember and there is no further inconvenience. Its a no brainer for me.
I'm a very busy person

Offline Cap'n Chris

  • forum hero
  • *****
  • Posts: 12065
Re: Possible log-in change - feedback and votes please
« Reply #9 on: February 20, 2011, 06:54:19 pm »
It's me, a no brainer, too.

Offline droid

  • forum hero
  • *****
  • Posts: 1828
  • WMRG
Re: Possible log-in change - feedback and votes please
« Reply #10 on: February 20, 2011, 06:58:38 pm »
But unless you log on at a shared computer, you only need do it once and let it remember and there is no further inconvenience. Its a no brainer for me.

Not always.

Not for me, anyway. But logging in manually takes seconds, only a slight inconvienience.
No longer 'Exceptionally antagonistic' 'Deliberately inflammatory'

Offline JasonC

  • junky
  • ****
  • Posts: 870
  • KCC
Re: Possible log-in change - feedback and votes please
« Reply #11 on: February 20, 2011, 07:08:54 pm »
Bubba thinks this is the way forward. Anyone have any concerns or problems? All registered users already have email addresses registered at the site - you can find yours at your profile.


- but we could still log in and stay logged in, I take it ?  If so, then no problem whatsoever.

Actually it wouldn't be a big deal even if we had to log in each time.  Decent browsers allow you to remember login credentials for a page, so when you've done it once, it's only a click to log in subsequently.

Offline bubba

  • Administrator
  • forum hero
  • *****
  • Posts: 2736
Re: Possible log-in change - feedback and votes please
« Reply #12 on: February 20, 2011, 07:25:22 pm »
The only difference to how things are now is that when you actually have to login to the forum, instead of typing your username in the "username" field you'd type your email address. Nothing else changes.

The bots are logging people out because they have a look at the forum, collect usernames from posts and then attempt to log in as that user by trying to guess their password. This logs the real user out.

If the new system is implemented this will never happen. The bot will attempt to log in using the username, but as the forum won't recognise that as a valid login attempt (unknown user), the real user cannot be logged out.
=:blubba:=

[ nsfw ]

Offline Elaine

  • forum hero
  • *****
  • Posts: 2187
  • Axbridge Caving Group
Re: Possible log-in change - feedback and votes please
« Reply #13 on: February 20, 2011, 07:44:03 pm »
I'm happy to do whatever is necessary to log on - although if I have a different email address to Hugh I hope you are able to let me know what it is! As I don't know.
Wot tiny writing!

Offline AndyF

  • forum hero
  • *****
  • Posts: 2892
    • http://www.keyhole.org.uk
Re: Possible log-in change - feedback and votes please
« Reply #14 on: February 20, 2011, 07:47:08 pm »
I don't mind , you guys have to do what is best, but isn't it simpler to just not log out a user on a failed login attempt?

I suppose though, doing as you propose reduces the risk as a successful spam-bot login where people have used a poor password (e.g. their username!)



"Life's a pitch, then you fall down one..."

Offline bubba

  • Administrator
  • forum hero
  • *****
  • Posts: 2736
Re: Possible log-in change - feedback and votes please
« Reply #15 on: February 20, 2011, 07:57:00 pm »
I'm happy to do whatever is necessary to log on - although if I have a different email address to Hugh I hope you are able to let me know what it is! As I don't know.

You can check by looking in your profile at "account settings".

It's a pretty rare situation where two people only have one email address between them - don't you have a webmail account somewhere?
=:blubba:=

[ nsfw ]

Offline bubba

  • Administrator
  • forum hero
  • *****
  • Posts: 2736
Re: Possible log-in change - feedback and votes please
« Reply #16 on: February 20, 2011, 08:08:11 pm »
isn't it simpler to just not log out a user on a failed login attempt?
You're allowed three incorrect login attempts. After that you get sent to the password reminder screen.

This also has the side-effect of logging you out elsewhere. I guess that the SMF designers made the decision that if you can't remember your password then you shouldn't be logged in in the first place! This is a fair assumption but the decision was probably made before these bots were common - it's possible that things may change in SMF 3.0 but that's going to be years away so we have to work with what we have.

There is the option to increase the threshold of incorrect login attempts but that wouldn't really make any difference as these bots plug away 24/7.
=:blubba:=

[ nsfw ]

Offline paul

  • Global Moderator
  • forum hero
  • *****
  • Posts: 4012
  • Orpheus CC, NPC
    • Orpheus Caving Club
Re: Possible log-in change - feedback and votes please
« Reply #17 on: February 20, 2011, 08:11:15 pm »
No problem with me either.
I'm not a complete idiot: some parts are missing!

Offline graham

  • Retired
  • forum hero
  • *****
  • Posts: 10943
  • UBSS, Speleo-Club de Perigueux, GSG, SUI
    • UBSS
Re: Possible log-in change - feedback and votes please
« Reply #18 on: February 20, 2011, 09:31:05 pm »
But unless you log on at a shared computer, you only need do it once and let it remember and there is no further inconvenience. Its a no brainer for me.

Yup.
Caving is for Life not just for Christmas

Offline ditzy

  • The ditzy caving
  • forum hero
  • *****
  • Posts: 1237
Re: Possible log-in change - feedback and votes please
« Reply #19 on: February 20, 2011, 10:42:50 pm »
better for me as i have changed my forum name but need the old one to log in

Offline Hughie

  • forum hero
  • *****
  • Posts: 1630
  • SMCC & ACG (finally paid my subs)
Re: Possible log-in change - feedback and votes please
« Reply #20 on: February 20, 2011, 10:57:43 pm »
I'm happy to do whatever is necessary to log on - although if I have a different email address to Hugh I hope you are able to let me know what it is! As I don't know.

You can check by looking in your profile at "account settings".

It's a pretty rare situation where two people only have one email address between them - don't you have a webmail account somewhere?

Just checked - Elaine does indeed have a different email address.

Offline bubba

  • Administrator
  • forum hero
  • *****
  • Posts: 2736
Re: Possible log-in change - feedback and votes please
« Reply #21 on: February 21, 2011, 12:55:52 pm »


As of late last night, a developer has published a fix which for the time being has knocked this problem on the head.

Of course, once the bot designers catch up, it's possible that it will start up again, but for now I think we can stall on implementing the email logins.

This problem is now affecting all sorts of forums, not just SMF ones - fight the spam!
=:blubba:=

[ nsfw ]

Offline bubba

  • Administrator
  • forum hero
  • *****
  • Posts: 2736
Re: Possible log-in change - feedback and votes please
« Reply #22 on: February 21, 2011, 01:38:25 pm »

As this has now been (possibly only temporarily) fixed I'm locking the topic.

Thanks for the votes in any case!
=:blubba:=

[ nsfw ]