Login security

[asneakyone]

MNHQ, I know you've tightened up your password rules since the recent security breach, but it strikes me that you're still vulnerable so long as you allow people to log in with their Usernames. These are easily harvestable in bulk from the talk pages, and hackers can simply run algorithms which try millions of relatively guessable passwords (simple combos of dictionary words, names, numbers and common patterns of capitalisation etc) against each one in turn.

If the option to use usernames was removed and we were forced to use our email addresses instead, then the site would be far more secure.

[RebeccaMumsnet]

Hi asneakyone,

Thanks for the suggestion.
It's one of the security improvements we're considering and we'll inform the users ahead of time if/when we're going to make this change or any other changes that will directly change the way that you log into Mumsnet.