and whilst we fiddle with logins, can we also fix the issue that memrise.com doesn’t remember that I am already logged in? clicking on Login takes me to app.memrise.com, which displays the login page, which a second later disappears as the system has now detected that I am indeed logged in…
… and while we’re at it , since yesterday whenever I log out from the Merise Forum, it automatically logs me back on a few seconds later. I could only log out from the forum if I first logged out from the learning site. Weird!
At the moment two things a bad actor needs to know to break-in your account: email and password. Such combination makes break-in almost impossible. However, if your login is your username it becomes though still hard, but possible, because there’s only one thing is missing which is your password. Knowing your login details, someone could brute force your password manually (many people have simple passwords) or via a script and steal your account.
That’s why you see captcha on login pages of some websites - its purpose is to stop brute force attacks. But there are also scripts to recognize captcha, so it could not prevent such attacks altogether. Anyhow, I’m always wondering when I see nickname login, it’s just anti-secure.
The email requires my MemRise log-in password, but as they offer username as an option, it is not that safe.
The only safe system would be to remove username altogether.
Although a “I am not a robot” Captcha system might help.
As the advice says, always use multiple form passwords (strung together) and unique to every platform. (And I never allow a system to remember them for me!)
, since yesterday whenever I log out from the Merise Forum, it automatically logs me back on a few seconds later. I could only log out from the forum if I first logged out from the learning site. Weird!