Future Login Changes: Logging in with Email Address Instead of Display Name

[Rook 561.9k Donor]

Hello everyone!

This is an announcement to inform everyone about the upcoming changes to iOSGods Logins. Currently, iOSGods allows Display Name Sign Ins, which is very convenient, but, it poses a security weakness to the accounts.

Why are Display Name logins an issue?
That is a good question! And the answer to that is all Display Names are publicly viewable by anyone, and knowing the user's display name allows the malicious user to attempt to login to multiple accounts with common passwords until they find an account for which the passwords work. And we all know there's always those people who use the same passwords everywhere.

As you can understand, Display Name logins make it easier for a malicious person to do bad things — we do not want that. We have already added a CAPTCHA on login which greatly helps securing the user's account,
and we automatically lock a user account for a certain period of time upon multiple failed attempts, and we also believe switching over to email only logins will secure accounts even further.

We understand this may be an inconvenience to some, but it is necessary. So during the "transition" period, we will allow users to login via Display Name or Email Address so they can get accustomed to the new change.
Then we will move over to email address logins only. We have also added an announcement on the login page regarding this change.

 

What you can do in advance

1. Ensure the email address associated with your iOSGods account is correct and that you have access to it.
2. We will be enabling Display Name & Email logins for a while so users can get used to the new changes. Login with your email to check & verify all is correct.
3. If you're using social logins like Twitter or Google, you should still make sure that the email address on your iOSGods account is correct.

 

What will we do in advance

1. At some point we will be checking in with our members to make sure their emails are up to date.
2. This topic serves as an early notice and we'll also be displaying a message on the login screen as well as a contact email address for support.
3. If there are any issues at all with logging in, we will be available for community's email.

 

We've seen enough unsuccessful brute-force attempts on accounts on our community to make this a sensible move.

Thank you for understanding!

 

Visual example of what we're talking about:

Updated February 4, 2025 by Rook

[Ahmedoo94 30.9k Donor]

[Puddin 92.8k Donor]

Cool!

[S13GE 2]

Can you add the link for authy along with this post for those that don’t know it’s an option 

[Rook 561.9k Donor]

2 hours ago, S13GE said:

Can you add the link for authy along with this post for those that don’t know it’s an option 

You’re referring to 2FA? We’ve been thinking of forcing it for ViPs but it’s way more inconvenient.

[S13GE 2]

6 minutes ago, Rook said:

You’re referring to 2FA? We’ve been thinking of forcing it for ViPs but it’s way more inconvenient.

Yeah 2FA, don’t we use text for Authy? I don’t much care for google Authenticator.

[Rook 561.9k Donor]

35 minutes ago, S13GE said:

Yeah 2FA, don’t we use text for Authy? I don’t much care for google Authenticator.

Authy would work the same too, but it’s still a bit much.

[disp123 0]

n

nice

[Yobbon 0]

Dxx

[St3v3n 0]

sick