A while ago I shared a link to that old article about how someone hijacked the author's Twitter username, and one thing mentioned in the article was how the author was constantly getting bombarded with password reset e-mails. That kind of reinforces my opinion that Mastodon shouldn't allow login-by-username and should stick to login-by-email only.
@Gargron Makes sense
@Gargron i'm not sure how that helps? keeping email addresses secret is kind of a security by obscurity thing, and there are plenty of countermeasures that can be taken to avoid someone getting deluged with password reset requests
also it has absolutely stymied my attempts to make a kit that makes it really easy to add one-touch xmpp support that authenticates against mastodon, which would be a really cool thing but it HAS to be as seamless as possible or nobody will ever use it, and no admins will ever install it
@dissy614 @Gargron even those who aren't good at passwords and such, i think it hampers adoption of mastodon. they remember their username, but not which email they signed up for, and go fuck off instead of logging in after they remember it's a thing a few weeks/months later
hell, it's really annoying WITH a password manager with test accounts and such, because i'll be hecked if i can remember what account testwitch23 or one of my several email addresses was assigned to
having to know the email associated with the account is still another factor of information, no matter how easy it may be to figure out or guess
@Gargron all services should offer this
Something to keep in mind.
@Gargron Hey, works great for me. No inconvenience I can see.
@Gargron login by username never made much sense to me because the username is just one more thing to remember. When a service insists I use a "login" of some sort instead of an email or phone number, I struggle to remember my username. Was it grishka? Or maybe grishka11 because grishka was taken? Or grishkaa? Or grishka93? And so on. I think I requested a password reset email on some services just so they include my username in that.