Mark Shaw Posted January 7, 2022

Notification is unclear regarding the change to email address login names. If only the login name is shown, it won't take much to complete email addresses when a scammer just needs to fill in gmail.com or Yahoo.com etc... I did try to activate my login via Facebook, but it currently is not working. What security will we have if anyone can find our complete email address?
ply33 Posted January 8, 2022

11 minutes ago, Mark Shaw said:
> . . . What security will we have if anyone can find our complete email address?

There are lots of sites that use your email address for your login ID. Seems to be more all the time (in the old days the user ID had nothing to do with your email). That is just a fact of life, so assume that your login ID (i.e. email) is known to everyone. Your protection is having a “good” password and, if the site supports it, two factor authentication.

In this context a good password has the following characteristics:

- It is long,
- it is totally random,
- it is unique and different for each and every site and account you have.

Unless you are an idiot savant with perfect memory and the inhuman ability to create totally random passwords, the only way to do that is to use a password manager/wallet of some sort.

Having each site and account use a different password helps keep your accounts safe: Sites are hacked all the time. You have no control over that. Sites vary on how well they protect your password(s) when they are hacked; you must assume the worst case for the site’s setup and administration. Thus the only safe thing is to assume that every account/site will at some time be hacked and the passwords for that site will be compromised. If this AACA site is compromised you don’t want your email and all your banking, etc. accounts to be compromised too.

Many sites allow or require you to have saved answers to things like the city you were married in. The concept is that if you forget your ID and/or password their agent (or computer) can verify who you are and get you back into your account. This is rife for abuse by people who use “social engineering” to find out or guess the answers to all those typical questions. First, don’t share that type of information on any social media. Second, make up bogus answers to all those questions. With different bogus answers for each account/site.

Hard to remember? Of course, that is why you also store that information away in your password manager app/wallet too.

I happen to use KeePass because it is open source and available on all platforms. There are a number of commercial products as well if you prefer to go that way. Some have good integration with browsers (or are even built into browsers). Some, like most implementations of KeePass, require you copy and paste between the password manager and the browser or app you are logging in with.
Bloo Posted January 8, 2022

I don't see how they would be able to find the email address that easily. In fact, if I have been reading the threads correctly, that is the whole point.

Let's say my forum handle is "bloo", because it is, and let's say my password to log into the forum is "s0mepassword". It isn't, but bear with me. Additionally, let's say my email address is "whatever@gmail.com". That isn't correct either, but will do for an example.

Right now, to log into the forum, I type bloo as the username and s0mepassword as the password. The forum software has my email address, but does not publish it. The software just uses it to alert me if someone mentioned me, or responded to a thread, or whatever. It does so by sending me email.

After the change, I will type whatever@gmail.com as the username and s0mepassword as the password in order to log into the forum. Nothing else changes. My forum handle once I am logged in will still be bloo, and whatever@gmail.com will still be unpublished by the software.

Why is this better? Because everyone in the world who has ever read this forum, logged in or not, knows the username "bloo" because it is my forum handle. They only have to guess the password "s0mepassword" to log into my account. After the change, they will have to guess both the email address whatever@gmail.com and the password s0mepassword at the same time to log into my account. Since whatever@gmail.com is not published by the software, someone trying to illicitly log into my account probably doesn't have it.

Anyone who has ever had a PM from me has my real email address and other contact info, unless I forgot once somewhere along the line. Generally speaking, a bunch of regular posters here have it, but the whole world does not. I don't quite understand how any of this would help somebody guess your email address.

If your email address, unlike mine, is already published all over the Internet, then this isn't much of a security improvement, but I don't see how it could be worse either.

I don't know about the Facebook login. As someone who worked in IT for a while, I consider a common login over multiple sites, no matter who it is with, to be an extremely bad idea, and I will probably never do it. Lots of people do it though, and I am sure Peter will have the answer. My best guess is that if you are using Facebook rather than logging into the forum directly, you are not typing the username anyway, and you probably won't see the change at all.
Mark Shaw Posted January 8, 2022 Author

15 hours ago, Mark Shaw said:
> If only the login name is shown, it won't take much to complete email addresses when a scammer just needs to fill in gmail.com or Yahoo.com etc.

I really don't want to make it easy for anyone to get my email address. So, will the forum software show the email user name? Please clarify...
billorn Posted January 8, 2022

17 minutes ago, Mark Shaw said:
> I really don't want to make it easy for anyone to get my email address. So, will the forum software show the email user name? Please clarify...

No. Email address will not be shown.
Peter Gariepy Posted January 9, 2022

On 1/8/2022 at 8:18 AM, Mark Shaw said:
> I really don't want to make it easy for anyone to get my email address. So, will the forum software show the email user name? Please clarify...

NO
Peter Gariepy Posted January 9, 2022

Please read the notice:
Peter Gariepy Posted January 9, 2022

On 1/7/2022 at 4:47 PM, Mark Shaw said:
> What security will we have if anyone can find our complete email address?

No one can "find" your email address. The forum is hosted on "Amazon Web Services". Please see their extensive security protocols. https://aws.amazon.com/security/
Mark Shaw Posted January 10, 2022 Author

Thanks for the clarification....