Why does Fluther have Users login with their published user names?
Asked by
Polaris (
74
)
May 14th, 2016
That’s way easier to hack, no?
Whereas, requiring an unknown/unpublished email instead…, the odds are exponentially harder to hack an account.
I guess it’s not an issue if no one here has been hacked before, but on face value it seems like a bad idea.
Just curious. Maybe there is something beneficial I’ve not thought about. (I’m no website designer.)
Observing members:
0
Composing members:
0
3 Answers
Honestly, there’s probably no other reason than because that was the standard at the time. In 2006 (which is when the site launched), basically every website used a username to login. Even now, the vast majority work that way. It’s definitely easier to break into an account when you start with half of the needed information, but it also used to be a lot easier to lose access to an email address. Maybe that had something to do with the username becoming such a ubiquitous login item?
(I’m no web designer either, so I can’t say for sure.)
This isn’t exactly a high-priority site for hackers, anyway.
Well, the odds are pretty slim that someone would brute force your password and I sure as hell hope Fluther has implemented some sort of flood control for login attempts similar to fail2ban and there is this.
If someone breaks into the server and snatches the database it is irrelevant anyway. In fact you are better off just using a username that is unique to the site and giving a fake email.
Answer this question 
Composing members:
0
