Follow-up Comment #3, sr #109310 (project administration): Hi Bob, or TWIMC
This is definitely NOT "some bad interaction with Lastpass". I only mentioned LastPass to indicate that I had certainly gotten my username and password correct. I am guilty for missing the idea of an email verification or forgetting about it after the email took too long and I moved on with my life. I also managed to archive the verification email. The "INVALID.NOREPLY" sender didn't encourage me to pay attention to the verification email. I was correct in wanting my ONE username, as this site has significant discussion activity. My (mis)use-case is valid. The site should NOT put a new account username/password into a PENDING purgatory. I suggest the login rejection of an attempt that actually has the right credentials include the message that reminds about the email verification, for instance, "Perhaps you have missed the emailed verification link?". Also, consider the case where the initial attempt is sent to you with a typo in their email. Is that covered? And the database of PENDING credentials should time out and be purged at some point... a day, a month, or the minimum delay consistent with your defense against bots. Rick Johnson -- RickJohn57 631-921-8450 (mobile) _______________________________________________________ Reply to this item at: <http://savannah.gnu.org/support/?109310> _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/