We're changing how you log in to PistonHeads
Discussion
valiant said:
119 said:
Looks like PH is going to lose a few members then.
Nonsense!This place is like crack to some of its users. They may threaten to leave but all that has to happen is for a thread to start on cycling through red light, is it ok? or I think EVs are better than petrol and they ll be gnashing their teeth to stumps in not replying. And that s BEFORE we get to the madness of NP&E.
butchstewie said:
PRO5T said:
Hmm, so as my username is currently one of my private plates, if and when I sell the plate I won't be able to change my username?
I do think this point needs clarification/confirmation please.Clockwork Cupcake said:
Not easily obvious, but you can go back through their posts via their profile and you will see what their username was at the time of posting on each post. That's invariant.
This really feels like a change that doesn't need to be made. Users are already identified by a unique number (you can see it as part of the URL when you view their profile) so I don't see why usernames need to be fixed in stone.
I have no views on making an email address the primary login feature, other than to say that it is ridiculously easy to create a free email address with outlook.com or google mail or whatever, so this doesn't add any extra level of security whatsoever.
It almost certainly ticks some legal boxes to satisfy the new legislation, which will have been drafted by people who don’t use the internet for recreational purposes, just as do many motoring laws are drafted by people who don’t drive.This really feels like a change that doesn't need to be made. Users are already identified by a unique number (you can see it as part of the URL when you view their profile) so I don't see why usernames need to be fixed in stone.
I have no views on making an email address the primary login feature, other than to say that it is ridiculously easy to create a free email address with outlook.com or google mail or whatever, so this doesn't add any extra level of security whatsoever.
Edited by Clockwork Cupcake on Sunday 14th September 11:41
For an organisation like CarGurus (PH’s owners), ticking these boxes will be essential or it’ll get flagged on some compliance audit. It quite likely already has, hence the changes, and said compliance audit will have been carried out by an external company who charge a fortune for not very much work.
Cynical? Me? Seen it too many times. Still, makes work for people and keeps the wheels turning, that’s how I’ve been forced to approach it lately. It may make no sense, but we’ve got to do it, is a commonly heard request in my line of work now.
Scott
vaud said:
I think he wrote that members won t be able to change their names. I m guessing that an admin will be able to.
That’s gonna depend on whether the login is still referenced by an ID number, or whether the forum becomes the login reference. Unlikely that much will be changing, but…I’ve seen that done, leading to chaos when someone changes the name in the database and now nothing’s linked like it should be.
Also they may simply decide they aren’t going to change usernames at all, even though they can. Could be a policy decision.
I can guarantee there’ll be some logic behind whatever is happening, even if it might make no obvious sense.
Scott
zarjaz1991 said:
It almost certainly ticks some legal boxes to satisfy the new legislation, which will have been drafted by people who don t use the internet for recreational purposes, just as do many motoring laws are drafted by people who don t drive.
For an organisation like CarGurus (PH s owners), ticking these boxes will be essential or it ll get flagged on some compliance audit. It quite likely already has, hence the changes, and said compliance audit will have been carried out by an external company who charge a fortune for not very much work.
Cynical? Me? Seen it too many times. Still, makes work for people and keeps the wheels turning, that s how I ve been forced to approach it lately. It may make no sense, but we ve got to do it, is a commonly heard request in my line of work now.
For sure. But, as the old saying goes, "Don't piss on my head and tell me it's raining". If the change is legislation-based then don't spin it as an exciting new feature or some kind of security thing when it clearly isn't. For an organisation like CarGurus (PH s owners), ticking these boxes will be essential or it ll get flagged on some compliance audit. It quite likely already has, hence the changes, and said compliance audit will have been carried out by an external company who charge a fortune for not very much work.
Cynical? Me? Seen it too many times. Still, makes work for people and keeps the wheels turning, that s how I ve been forced to approach it lately. It may make no sense, but we ve got to do it, is a commonly heard request in my line of work now.
zarjaz1991 said:
I can guarantee there ll be some logic behind whatever is happening, even if it might make no obvious sense.
Quite. Although the logic may be "it's cheaper / less effort to implement it this way" 
Edited by Clockwork Cupcake on Sunday 14th September 12:22
Clockwork Cupcake said:
For sure. But, as the old saying goes, "Don't piss on my head and tell me it's raining". If the change is legislation-based then don't spin it as an exciting new feature or some kind of security thing when it clearly isn't.
It may be that the current login system doesn’t meet modern security standards for authentication. Which would certainly be a legit reason to change it. I’m seeing this a lot.Clockwork Cupcake said:
Quite. Although the logic may be "it's cheaper / less effort to implement it this way"
….and that’s often the response. Replace as cheaply and easily as you can, because this took us by surprise and wasn’t in the technical debt budget. I mean, who knows what the score is here, but PH isn’t known for spending vast amounts on the forums, they still look like something from the 1990s (though that adds to the appeal for me), and also the forums don’t remotely match the look and feel of the website. The forums are like the elderly grandmother with dementia, tucked away in the PH attic.
Edited by Clockwork Cupcake on Sunday 14th September 12:22
zarjaz1991 said:
I mean, who knows what the score is here, but PH isn t known for spending vast amounts on the forums, they still look like something from the 1990s (though that adds to the appeal for me), and also the forums don t remotely match the look and feel of the website.
Very much part of the charm and continuity of what makes PH so special. I think it would be throwing the baby out with the bathwater if CarGurus were to "modernise" the forums to bring them in like with the look & feel of the main site and hopefully they know that. zarjaz1991 said:
CoolHands said:
I noticed b
hstewie just changed his username 
Yeah he s actually referred to this thread as being the reason for that. Can t get used to it, it looks like someone impersonating him!hstewie just changed his username Scott
For years I could log in with user ID - I’ve never changed my user name - but when I changed my email address it did get changed for 30 mins because it had a ‘ in there and as it was no longer allowed I think Ben (or might have been someone else had to change it and then change it back) since then I’ve only been able to log in with my email address
On the face of it the changes seem sensible to have one log on process using email addy as opposed to current situation where some users can log in with user name and other user can log in only with email address??
How much longer do you all think PH will go on for?
When it was bought by CarGurus there was a long thread relating to how they didn't want to keep it going.
This 'for your safety' change may be a major step in its demise.
There must be enough wealth and IT knowledge among a small consortium of PH users to buy CG out and let us keep PH going for the next 25 years.
Also bear in mind that the current pile of steaming st that dares to call itself a Government will be out on its arse in less than 4 years.
I doubt the current push to ID profile citizens will continue with such vigour under the next administration.
Picking up the pieces will keep them busy enough.
When it was bought by CarGurus there was a long thread relating to how they didn't want to keep it going.
This 'for your safety' change may be a major step in its demise.
There must be enough wealth and IT knowledge among a small consortium of PH users to buy CG out and let us keep PH going for the next 25 years.
Also bear in mind that the current pile of steaming s
t that dares to call itself a Government will be out on its arse in less than 4 years.I doubt the current push to ID profile citizens will continue with such vigour under the next administration.
Picking up the pieces will keep them busy enough.
zarjaz1991 said:
It may be that the current login system doesn t meet modern security standards for authentication. Which would certainly be a legit reason to change it. I m seeing this a lot.
Which modern security standard prevents changing a user's display name?We're clearly not being told what the real reason is. I doubt most users know which email address they signed up with, so we're going to lose a lot of more irregular posters.
768 said:
Which modern security standard prevents changing a user's display name?
Steam has an odd system. You can change your display name and your email address to your heart's content, but your underlying username cannot be changed. Not even by Steam themselves. They can't even create you a new profile and transfer all your purchases over to it. Fortunately, however, your username is never shown not even in URLs. PH already has an invariant user identification in the form of the memberId field. You can see it when you view someone's profile. So there is absolutely no reason to disallow changing your display name.
768 said:
Which modern security standard prevents changing a user's display name?
We're clearly not being told what the real reason is. I doubt most users know which email address they signed up with, so we're going to lose a lot of more irregular posters.
That’s separate to the actual change and I suspect, as I suggested earlier, that the stopping of username changes is a policy choice.We're clearly not being told what the real reason is. I doubt most users know which email address they signed up with, so we're going to lose a lot of more irregular posters.
Scott
Clockwork Cupcake said:
Very much part of the charm and continuity of what makes PH so special. I think it would be throwing the baby out with the bathwater if CarGurus were to "modernise" the forums to bring them in like with the look & feel of the main site and hopefully they know that.
Absolutely. I’m not 100% sure though if that’s the rationale or just that it saves money not to.We keep getting weird things though, like search being missing on mobile view, and for me at least you can no longer request the desktop version of the site on a mobile. Well, you can, but the mobile site still gets shown.
Of course, what they really need is a responsive design that mimics the current desktop design, but I can’t see that ever happening, ‘cos, money.
Scott
OIC said:
How much longer do you all think PH will go on for?
When it was bought by CarGurus there was a long thread relating to how they didn't want to keep it going.
This 'for your safety' change may be a major step in its demise.
There must be enough wealth and IT knowledge among a small consortium of PH users to buy CG out and let us keep PH going for the next 25 years.
Also bear in mind that the current pile of steaming st that dares to call itself a Government will be out on its arse in less than 4 years.
I doubt the current push to ID profile citizens will continue with such vigour under the next administration.
Picking up the pieces will keep them busy enough.
There’s plenty of expertise and funding within these walls. As long as we knew in advance then an alternative would be set up. For instance I’ve many years experience building and managing forums, I’m sure others have too. It’s daunting though and not something anyone should take lightly. Then there’s managing the servers, I can do that too, and I’m sure there’s innumerable others, many better than me at it. It’s the time and commitment that people always underestimate, I’ve seen it happen many times and the replacement site itself closes after 18 months or so when the novelty wears off.When it was bought by CarGurus there was a long thread relating to how they didn't want to keep it going.
This 'for your safety' change may be a major step in its demise.
There must be enough wealth and IT knowledge among a small consortium of PH users to buy CG out and let us keep PH going for the next 25 years.
Also bear in mind that the current pile of steaming s
t that dares to call itself a Government will be out on its arse in less than 4 years.I doubt the current push to ID profile citizens will continue with such vigour under the next administration.
Picking up the pieces will keep them busy enough.
The other challenge would be the post history, that’s unlikely to be something the current owners would hand over, and even if they did, migrating it to a new solution would be quite the challenge given it’s currently custom built.
Anyway….getting a bit ahead of ourselves here, but always worth thinking about.
Scott
Ed Boon said:
Bringing in MFA for users?
Certainly ensuring users have an active email is an enabler for MFA but it could equally be implemented via a mobile number or through one of many authenticator apps. Using email as primary identified for accounts and user identification comes with some complexities, less so in an environment like PH but quite a challenge in regulated industries holding special category data such as clinical information.
A key issue is shared email addresses such as “mrandmrssmith@example.com” - should it be possible for Mrs Smith to access Mr Smith’s information because she has access to the shared email account?
Personally I would say that if you choose to share an email address you should accept the potential sharing of protected information but I suspect many wouldn’t.
Gassing Station | Website Feedback | Top of Page | What's New | My Stuff