Yes, that is the tension I am trying to handle.
Technically I agree that an institutional email address is stronger identity assurance than a personal email address. My reason for moving away from institutional email/SSO is not that personal email is better proof of identity, but that I want the community to be clearly independent and not rely on an institution’s identity system or email domain for ongoing access.
Since my opening post I have made the current transition state clearer on the site itself:
- the splash/login page now states that Physics with Ethan is independent and not affiliated with or endorsed by any university, school, or department;
- it also explains that sign-in currently uses Microsoft work or school account verification for onboarding;
- existing users can now add a personal email address after logging in, via Profile → Preferences → Emails;
- I have also added wording asking users not to register using another person’s name, email address, or identity.
So I think the current position is a transitional one:
- Microsoft work/school verification is still useful for reducing impersonation risk during onboarding;
- but I would like existing users to add personal email addresses;
- and I want to avoid making institutional email/SSO the long-term dependency of the community.
The practical Discourse question I am still trying to answer is:
For a community that wants to move from institutional email/SSO toward local accounts and personal email addresses, is the safest pattern to keep the transition manual/admin-reviewed rather than attempting automatic account merging?
For example:
- allow existing users to add a personal email while logged in;
- keep the splash page clear about the current onboarding method;
- discourage misleading registrations/impersonation;
- avoid automatic account merges;
- only merge accounts where there is clear evidence the same person controls the relevant accounts/emails.
Does that sound like the right Discourse-native direction?