A while ago I shared a link to that old article about how someone hijacked the author's Twitter username, and one thing mentioned in the article was how the author was constantly getting bombarded with password reset e-mails. That kind of reinforces my opinion that Mastodon shouldn't allow login-by-username and stick to login-by-email only.


@Gargron login by username never made much sense to me because the username is just one more thing to remember. When a service insists I use a "login" of some sort instead of a email or phone number, I struggle to remember my username. Was it grishka? Or maybe grishka11 because grishka was taken? Or grishkaa? Or grishka93? And so on. I think I requested a password reset email on some services just so they include my username in that.

@grishka @Gargron but what's wing in using a password manager? that solves a lot, if not all. feel curious.

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!