Forum won't allow 2 characters in "First Name" field...

tjZ06 · Sep 1, 2021

Hey OB admins,

I was updating my location in my profile since I moved recently and ran into an issue. Apparently the forum requires 3 or more characters for a first name. My real, legal first name (on my Birth Cert, SS card, etc.) is just "TJ". Not T.J. Not Thomas. Just "TJ".

-TJ

M Rose · Sep 1, 2021

tjZ06 said:
Hey OB admins,

I was updating my location in my profile since I moved recently and ran into an issue. Apparently the forum requires 3 or more characters for a first name. My real, legal first name (on my Birth Cert, SS card, etc.) is just "TJ". Not T.J. Not Thomas. Just "TJ".

-TJ

This would see more traction in the support forums

tjZ06 · Sep 1, 2021

M Rose said:
This would see more traction in the support forums

Perhaps a mod/admin can move it? Honestly, I took a quick scan of the forums and the description here made sense to post. Having so many forums with overlapping content can make it non-obvious where to post something. I tend to scan from the top down, and if I find a forum that sounds correct I'm going to post there, rather than think "oh, I bet there's an even more appropriate forum further down..."

-TJ

M Rose · Sep 1, 2021

tjZ06 said:
Perhaps a mod/admin can move it? Honestly, I took a quick scan of the forums and the description here made sense to post. Having so many forums with overlapping content can make it non-obvious where to post something. I tend to scan from the top down, and if I find a forum that sounds correct I'm going to post there, rather than think "oh, I bet there's an even more appropriate forum further down..."

-TJ

Most forums have tech support issue sections at the very bottom… in fact all the ones I’m a member of are formatted this way.

tjZ06 · Sep 1, 2021

M Rose said:
Most forums have tech support issue sections at the very bottom… in fact all the ones I’m a member of are formatted this way.

TBH, this is the first time I've needed to seek out tech support on a forum, so I've never really looked/noticed. I still think the description of this forum is reasonable for my issue. I don't need immediate tech support, I'm not unable to post, or send messages or any other core function of the forum. I'm just making a suggestion to make the forum better for users that happen to have 2-charcter first names. After all, the description for this section is:

OB said:
Have an idea to make Overland Bound better?

-TJ

M Rose · Sep 1, 2021

tjZ06 said:
TBH, this is the first time I've needed to seek out tech support on a forum, so I've never really looked/noticed. I still think the description of this forum is reasonable for my issue. I don't need immediate tech support, I'm not unable to post, or send messages or any other core function of the forum. I'm just making a suggestion to make the forum better for users that happen to have 2-charcter first names. After all, the description for this section is:

-TJ

I’ll take this to DM

Michael · Sep 1, 2021

Hey all - this is intentional. 2 letter names, unfortunately, open the site up to various hacking attempts. It's not ideal.

tjZ06 · Sep 1, 2021

Michael said:
Hey all - this is intentional. 2 letter names, unfortunately, open the site up to various hacking attempts. It's not ideal.

I'm an Information Security Engineer, and have run a few forums and I'm not sure I agree, exactly. It's not that shorter name requirements aren't less secure. It's just that the threat surface at 2 letters vs. 3 letters is nearly identical. Security is always a trade-off game. The most secure system is one nobody can use. ;) So I tend to weigh the cost of security measures against the reward. In the case of requiring 3+ letters vs. 2+ the cost is probably pretty low (not many of us out there with true 2-letter first names, as opposed to abbreviations/initials) but the reward is extremely low. A low/extremely low measure is one I won't often take. Name requirements pose little issue to most bots since their originators have learned to use longer names. Anyway, it's not a big deal, it's just that my name is currently correct (the 3+ letter first name requirement must be newer than my account) so I can't appropriately update my location without losing my correct name in my profile. Sure, I can put in something like TJreallythisismynameipromise but that sort of defeats the point of having a name field in our profiles in the first place...

-TJ

Crusader · Sep 30, 2021

I wanted to give one of my sons just a middle initial instead of a middle name. Wife wouldn't go for it. She really didn't go for the middle number idea.

tjZ06 · Jan 10, 2022

Michael said:
Hey all - this is intentional. 2 letter names, unfortunately, open the site up to various hacking attempts. It's not ideal.

tjZ06 said:
I'm an Information Security Engineer, and have run a few forums and I'm not sure I agree, exactly. It's not that shorter name requirements aren't less secure. It's just that the threat surface at 2 letters vs. 3 letters is nearly identical. Security is always a trade-off game. The most secure system is one nobody can use. ;) So I tend to weigh the cost of security measures against the reward. In the case of requiring 3+ letters vs. 2+ the cost is probably pretty low (not many of us out there with true 2-letter first names, as opposed to abbreviations/initials) but the reward is extremely low. A low/extremely low measure is one I won't often take. Name requirements pose little issue to most bots since their originators have learned to use longer names. Anyway, it's not a big deal, it's just that my name is currently correct (the 3+ letter first name requirement must be newer than my account) so I can't appropriately update my location without losing my correct name in my profile. Sure, I can put in something like TJreallythisismynameipromise but that sort of defeats the point of having a name field in our profiles in the first place...

-TJ

@Michael any thoughts on my reply? I wasn't implying that it wasn't intentional, just questioning if the result meets the intent. The efficacy of a 3-letter+ first name requirement over a 2-letter+ is nearly zero (again, bot originators have learned to use longer "names").

Thanks,
TJ <--real legal first name ;)

Michael · Jan 10, 2022

tjZ06 said:
@Michael any thoughts on my reply?

Thanks,
TJ <--real legal first name ;)

It's a specific exploit. I either deploy an engineer to chase this exploit or require 3+ letters. Immediately upon implementing the three letter rule, the exploit went from 30 spam registrations and various spam posts to 0.

tjZ06 · Jan 10, 2022

Michael said:
It's a specific exploit. I either deploy an engineer to chase this exploit or require 3+ letters. Immediately upon implementing the three letter rule, the exploit went from 30 spam registrations and various spam posts to 0.

Fair 'nough, thanks for taking the time to consider it, and reply.

-TJ

Michael · Jan 10, 2022

tjZ06 said:
Fair 'nough, thanks for taking the time to consider it, and reply.

-TJ

Oh you bet - thanks for caring! Sub-optimal for now - but we'll get there once we are all growed up.
See you on the trail!

M

tjZ06 · May 26, 2022

Is there any way we can revisit this? It's getting really old to get told my "name isn't valid" anytime I try to update my profile. I think you'll find reducing to a 2-letter first name requirement in account descriptions isn't going to change any threat vectors. I could see a 2-letter *username* being an issue, but this just seems like a strange place to enforce something that hurts user experience for legitimate users.

-TJ

ThundahBeagle · May 26, 2022

tjZ06 said:
Is there any way we can revisit this? It's getting really old to get told my "name isn't valid" anytime I try to update my profile. I think you'll find reducing to a 2-letter first name requirement in account descriptions isn't going to change any threat vectors. I could see a 2-letter *username* being an issue, but this just seems like a strange place to enforce something that hurts user experience for legitimate users.

-TJ

Just casual interest, but what of a Chinese person named Ng? I am not such a person, nor am I attempting to make light, but what would that person do? Or Li. Hu. Xe.

tjZ06 · May 26, 2022

ThundahBeagle said:
Just casual interest, but what of a Chinese person named Ng? I am not such a person, nor am I attempting to make light, but what would that person do? Or Li. Hu. Xe.

Or a person with a real, legal name of TJ... not initials, not short for anything, but on their birth certificate, driver's license, Social Security card etc. "TJ"... asking for a friend (that friend is me).

-TJ

zgfiredude · May 26, 2022

Seems like "BS"

pun intended......

but I don't know all the issues from the developer side, to be fair.

Ubiety · May 31, 2022

tjZ06 said:
Or a person with a real, legal name of TJ... not initials, not short for anything, but on their birth certificate, driver's license, Social Security card etc. "TJ"... asking for a friend (that friend is me).

-TJ

Or somebody that has been "stalked" by OB members and does not want to use their name at all? My vote is no character requirement for first/last name - but yeah spammers suck and I get it.
What about enforce a limit via the web/OB1 UI but allow an admin to modify to less chars upon user request?

grubworm · May 31, 2022

this sounds like something for the court system to decide....

Search

Forum won't allow 2 characters in "First Name" field...

tjZ06

Rank V

M Rose

Local Expert

tjZ06

Rank V

M Rose

Local Expert

tjZ06

Rank V

M Rose

Local Expert

Michael

Rank IX

tjZ06

Rank V

Crusader

Rank II

tjZ06

Rank V

Michael

Rank IX

tjZ06

Rank V

Michael

Rank IX

tjZ06

Rank V

ThundahBeagle

Rank V

tjZ06

Rank V

zgfiredude

Rank VI

Ubiety

Rank VI

grubworm

Rank V