The three letter to requirement for first name doesn't work for people who have first of names consisting of two letters.
Three character requirement for first name doesn't work for people named Ed.
- Thread starter edjski
- Start date
Well observed! Perhaps giving this post some action will encourage the devs to correct that issue.
Temporarily, you could use a longer variant of the name, or add an extra letter or number, like you did. I'm guessing whoever made the name system didn't think of this situation.
You may also be able to turn it into a support request or whatever they call it, if you deem it important enough!
Temporarily, you could use a longer variant of the name, or add an extra letter or number, like you did. I'm guessing whoever made the name system didn't think of this situation.
You may also be able to turn it into a support request or whatever they call it, if you deem it important enough!
Member III
Member III
Advocate I
Or people named "TJ"... I brought this up awhile back and was sort of told "tough luck" for security reasons. Forum won't allow 2 characters in "First Name" field... As I mentioned in that thread, InfoSec is what I do... and I don't think the threat surface created by allowing 2-letter first names is measurably different than 3 letter first names. Character length limits in usernames and passwords can be somewhat effective, however, a character limit on ancillary fields like "first name" is essentially ineffectual for the type of attacks forums are susceptible to. In the InfoSec field we tend to consider the relative cost and risk/reward of any proposed control. In this case the control is "requiring more than 2 letters for first names in profiles" and the cost is "pissing off users with 2-letter names." The risk however is nearly zero. I'm not sure I think a nearly zero increase in security is worth alienating a non-zero subset of users... but it's not my call to make. Other controls (such as requiring longer usernames, complex passwords, and using known-methods to identify human users as opposed to bots) are much more effective, and as part of a defense-in-depth strategy fully mitigate any risk of allowing 2 letter names.
-TJ
-TJ
Pathfinder III
- 5,200
- First Name
- Kent
- Last Name
- Reynolds
- Member #
-
1632
- Ham/GMRS Callsign
- K6KNT
- Service Branch
- Retired Firefighter
Pathfinder III
- 5,200
- First Name
- Kent
- Last Name
- Reynolds
- Member #
-
1632
- Ham/GMRS Callsign
- K6KNT
- Service Branch
- Retired Firefighter
Welcome to Overland Bound
You can use the Member Map to find other members and events in your area. You can also send a message directly from the map to other members.
RESOURCE MAP
App Tutorials
Overland Bound One App Adventure and Expedition Tutorials
Take a try at adding a track or point of interest to the app.
Check the forum calendar and Meet-Up page for events, and the Trip Planning page for trips being planned by members. These pages can be filtered by region.
Overland Bound Meetups
Overland Trip Planning
You are in the Midwest Region, local information can also be found in the “Overland Bound by Region”
OVERLAND BOUND COMMUNITY
Quick adult & youthTread Lightly online awareness course.
Online Courses - Tread Lightly
Tread Lightly! Youth Online Course
Check out Overland Expo https://www.OverlandExpo.com
Here is a Midwest expo in MO MOORE OVERLANDING AND OFF-ROAD EXPO // APRIL 21-22, 2023 // OZARK EMPIRE FAIRGROUNDS – SPRINGFIELD, MO
If you have any questions don't hesitate to message me, hopefully I can get you going in the right direction. @Kent R or Kent@OverlandBound.com
You can use the Member Map to find other members and events in your area. You can also send a message directly from the map to other members.
RESOURCE MAP
App Tutorials
Overland Bound One App Adventure and Expedition Tutorials
Take a try at adding a track or point of interest to the app.
Check the forum calendar and Meet-Up page for events, and the Trip Planning page for trips being planned by members. These pages can be filtered by region.
Overland Bound Meetups
Overland Trip Planning
You are in the Midwest Region, local information can also be found in the “Overland Bound by Region”
OVERLAND BOUND COMMUNITY
Quick adult & youthTread Lightly online awareness course.
Online Courses - Tread Lightly
Tread Lightly! Youth Online Course
Check out Overland Expo https://www.OverlandExpo.com
Here is a Midwest expo in MO MOORE OVERLANDING AND OFF-ROAD EXPO // APRIL 21-22, 2023 // OZARK EMPIRE FAIRGROUNDS – SPRINGFIELD, MO
If you have any questions don't hesitate to message me, hopefully I can get you going in the right direction. @Kent R or Kent@OverlandBound.com
Pathfinder III
- 5,200
- First Name
- Kent
- Last Name
- Reynolds
- Member #
-
1632
- Ham/GMRS Callsign
- K6KNT
- Service Branch
- Retired Firefighter
I have confirmed with Michael that this is security issue and cant be changed. @tjZ06 described it well.
Advocate I
What I described is why the decision to disallow 2-letter names was the wrong decision, in my opinion (which I recognize is just that: one guy's opinion, not the final word by any means). What Michael previously stated was there was a specific exploit related to allowing 2-letter names, or at least one that is more effective if 2-letter names are allowed. If I had a little more information on that exploit I might be able to suggest alternate mitigations that don't impact users. That said, I'd also be surprised if the exploit hasn't evolved and adapted. Exploits are rarely stationary targets, and menial fixes like changing the required length of an ancillary field are generally temporary.
-TJ
