When following instructions (!!) and changing my password for the new forum I was able to use my old username, which is the same as my email address.I was able to generate and save a new password (using 1password) but couldn't login because my email address is longer than 15 characters.Luckily, somewhere I could see the token 1password thought was my username, and I was able to change the 1Password entry from my email to this token.The user changing their password needs to be warned if their current email=username can't be used, and that they need to change the username as well as the password.

This restriction actually comes from our platform provider, but it’s an important one that we stand by. Using an email address as a public username isn’t a great practice from a security and privacy standpoint—it makes it easier for bad actors to target accounts with phishing or other attacks. I know it’s an adjustment, but if you need help updating your username, just let us know—we’re happy to assist!

Username Change inconsistent | 1Password Community

4 Replies

1P_SimonH
Community Manager
3 months ago
Hi AnitaGraham,

Sorry for the confusion here! I think the mix up was caused by the fact that when resetting your password, you had to provide your email address to trigger the reset email, but when signing in to the community, you need to use your username. Your username has stayed the same the whole time.

I hope that helps and appreciate you going to all that effort to get logged in!
Tangible409
Occasional Contributor
3 months ago
I encountered the same problem. It seems like a silly and arbitrary restriction to disallow email addresses as user ids if they are >15 characters.
- 1P_Blake
  Community Manager
  3 months ago
  This restriction actually comes from our platform provider, but it’s an important one that we stand by. Using an email address as a public username isn’t a great practice from a security and privacy standpoint—it makes it easier for bad actors to target accounts with phishing or other attacks.
  
  I know it’s an adjustment, but if you need help updating your username, just let us know—we’re happy to assist!
  - Tangible409
    Occasional Contributor
    3 months ago
    I understand your point, Blake, but there are many sites that allow the email address for logging in, but then display only a username to the public. That seems like the best of both worlds, preserving privacy but letting the user use their familiar email address to gain access.
    
    But of course the real answer is Passkeys. You guys are major proponents of that superior approach, and it would have been nice if you had chosen to use them on your new site.
    
    To quote a respected security expert,
    
    “Passkeys are simpler to use than passwords because there's nothing to memorize, type out, or paste in. Instead, you sign in to accounts with a quick biometric scan or device PIN. Unlike passwords, you don’t have to come up with anything to make one or worry about how complex they are. Every passkey is strong and can only be used for one website or app. That means each account always has the best protection.”

Forum Discussion

Username Change inconsistent

4 Replies

Recent Discussions

Random but Memorable 14.7: Malicious Pottery Service Provider with Tarah Wheeler

New exploit

Random but Memorable 14.6: Security Agents Protecting Adolescence with Chris McCarty

Indonesia Billing Payment

What has happened to 1Password Support?