ATTENTION ALL: Changes to the login process are coming.

[BeccaMumsnet]

Hi all,

We wanted to let you know in advance about a change we're making to the login page on Mumsnet, which will take effect from Monday.

As you'll all know unless you've been living under a rock for the last two months we've been looking very carefully at our site security in the wake of the hacking attacks in August. We've done a lot of work behind the scenes, but one of public changes we've decided to make is to remove the option of logging in using your username.

On a forum on which usernames are visible to the public, the wisdom now is that it's imprudent to allow people to log in with their usernames, on the grounds that a determined attacker could take their name and employ a piece of software to crack their password (this is known as a brute force attack). It's far more secure to require people to log in using their email addresses, since a hacker would have no way of knowing that.

From Monday on, therefore, we're going to remove the option of logging in using your nickname and password, and ask you to sign in using your email and password instead.

Alternatively, if you prefer, you can still log in via Facebook or Google+.

If any of this doesn't make sense, or you've any further questions, please do ask here or email us on [email protected]

Thanks all
MNHQ

[G1veMeStrength]

Thanks MN, good luck with the change.

[Pipbin]

Makes a lot of sense. I'll need to remember password now!

[ItsAllGoingToBeFine]

Sounds very sensible to me ? Glad to know you are keeping an ongoing eye on site security

[Sirzy]

Will we all be logged out on Monday then or is it just when we next log in?

[Anastasie]

I only sign in with my email anyway but thank you for the heads up and such a clear explanation.

[Anastasie]

By the way, seeing as there will be some geeks on this thread

Is it considered a faux pas to write all of one's passwords in one place, and keep it safe somewhere in the house?

I feel odd about using an internet site to store them.

Thank you

[Anastasie]

ones

sorry rogue apos.

[diddl]

So email addresses will be safe against hacking when entered on the log in page?

[Stratter5]

Its how I store mine, Anastasie, otherwise I'd never remember them.

[sickofforgettingpassword]

Do I have to login again or will my phone stay logged in... As my username suggests I have issues with passwords

[SconeForAStroll]

Umm, Becca, I don't use the email address I registered with anymore, so I log in via Facebook. I don't know how it knows who I am it might as well be voodoo will I need to change anything?

[Anastasie]

Thank you Stratters

[Stratter5]

No worries, I have to - mine are all unique, and really random using cryptic crossword clues as a starting point, then mucked about. I have hidden the piece of paper though, I figure it's a damn sight safer in a house with thousands of hiding places and nothing to entice a burglar.

[AuntieStella]

I wouldn't want the email address I use at the moment to be the one that I use to log in. OK, I hope that phishing of that sort won't happen again, but I'd prefer to have a different address for this purpose.

Can I change it before this rolls out? (Are there clear instructions somewhere?)

And would that bugger up any communications from MNHQ (vaguely recall difficulties that some users have had if they've changed email address, but can't remember what and if it's things that could happen again).

[diddl]

My email address is old & is my name

I do only use it for MN, but would prefer to change it if it's easy to do so, I think.

[ThumbWitchesAbroad]

Thanks MNHQ.

I used to be able to remember all my passwords, but now I'm having to write them down on a bit of paper as well, especially since they're getting more complicated with clever symbols as well as just letters and numbers. AND because I'm being sensible and having different passwords for every single site I use. BUT I have sort of encrypted which site the passwords are for - I understand it, but I doubt any random person looking at the list would! Certainly not immediately. And it's hidden well.

[Stratter5]

Exactly the same here, Thumb, my many, many passwords are simply too complicated to remember, so I've sort of got a coded shorthand note of them all.

It's hidden in a book. Stuck inside so it won't fall out.

There are thousands and thousands of books in my house. They'll never find it

[PrueDent]

Oh no!

i've had to change passwords on several sites recently and am struggling to remember them all.

I sense another email to hq asking for another password reset

[EcclefechanTart]

Does this mean that, in the event of another phishing attack, the hackers will be able to harvest our email addresses as well as our usernames and passwords?

[hollyisalovelyname]

Eccle that worries me also.

[Jaxsbum]

Good idea mn hq

[AndDeepBreath]

They did get email addresses too didn't they? (That was part of the problem which made having the passwords so worrying as those addresses could log into other accounts?)

[AndDeepBreath]

Also yes, good idea.

[IfIToldYouIdHavetoKillYou]

I changed my e mail address for mumsnet to one that I don't use anywhere else. It's very easy to set up a new hotmail or gmail account. You don't have to use any real details.
Stratters I have an alphabet address book for my passwords. All in code though

[diddl]

I was "hacked" if that's the right term.

So if they already know my email address & username, how is this any more safe as they managed to find out my password before?