[Feature request] Clarify or Enhance log- ins

This should be a very simple and quick issue for the Android App log in.

After clicking “Sign in now”, we have three options

Sign in with Facebook

Sign in with Google and

Sign in with Email.

I think you should also offer Sign in with Username

It’s only when one resorts to email option that one sees Username given as the first option although email hint is in the box.

Yes I know it works, but it has always puzzled me why I have to resort to email only to find I could just put DW7 and password.

(And I’m doing it frequently in order to update or synchronise courses that I’ve amended on the web.)

Cc @MemriseSupport

and whilst we fiddle with logins, can we also fix the issue that memrise.com doesn’t remember that I am already logged in? clicking on Login takes me to app.memrise.com, which displays the login page, which a second later disappears as the system has now detected that I am indeed logged in…

… and while we’re at it :slightly_smiling_face:, since yesterday whenever I log out from the Merise Forum, it automatically logs me back on a few seconds later. I could only log out from the forum if I first logged out from the learning site. Weird!

1 Like

Something tells me that username login is a nice way to bruteforce your password, i.e. very far from being secure.

Sorry, I don’t follow (understand). :thinking:

At the moment two things a bad actor needs to know to break-in your account: email and password. Such combination makes break-in almost impossible. However, if your login is your username it becomes though still hard, but possible, because there’s only one thing is missing which is your password. Knowing your login details, someone could brute force your password manually (many people have simple passwords) or via a script and steal your account.

That’s why you see captcha on login pages of some websites - its purpose is to stop brute force attacks. But there are also scripts to recognize captcha, so it could not prevent such attacks altogether. Anyhow, I’m always wondering when I see nickname login, it’s just anti-secure.

1 Like

Thanks, I follow and agree.

The email requires my MemRise log-in password, but as they offer username as an option, it is not that safe.

The only safe system would be to remove username altogether.

Although a “I am not a robot” Captcha system might help.

As the advice says, always use multiple form passwords (strung together) and unique to every platform. (And I never allow a system to remember them for me!)