Two accounts at the same Discourse forum


#1

Hello.

I searched the Internet for information, but could not find what I was looking for, so I hope you can help me.

I have two (2) accounts at a Discourse forum, and I made the mistake of trying to log in to one of the accounts using the password from the other account. Does this now mean the admin of that Discourse forum has the ability to see I use both those accounts?


#2

The admin can figure it out from the IP addresses used to log in.


#3

I used a different VPN IP address for each account, so they do not match.


#4

If I have not explained myself properly, please tell me. I am quite concerned about this, and I do not know where else to go to get the information I need.

I created this account to get help with this problem.


#5

Incorrectly using a password that is associated with another account will not alert an admin to the fact that you have two accounts.


#6

But if one of the admin was suspicious I was the user of both accounts, I thought he would now be able to compare all the password log in attempts to see if there is a match. I think it is unlikely they will do that, but, for my peace of mind, I was hoping it would not be possible for them to do that. Is it possible, if they wanted to?

Thank you for helping me!


(Matt Palmer) #7

Sure they could. They’re the site admin, they can do anything they want.


#8

That is what I was worried about.

If I changed the passwords on the two accounts would the two old passwords be unavailable to the admin? Please excuse my ignorance, I do not know much about these things.


#9

I’m going to wait for Matt to elaborate on what he means here but I’d suggest that you don’t panic.
As a Discourse admin I can’t see passwords or compare them to other passwords.

But I’m going to be honest, this sounds a bit… dodgy. We don’t particularly want to help you evade detection if you’re breaking any forum rules.


#10

There is no rule I am aware of on the forum forbidding a person having two accounts, but I am worried the admin will think I am up to no good if they know. It is an awkward situation. One of my accounts is a “Regular” account, the other is a “Basic”. The forum is an invite only forum, and I wanted the second account in case I ever lost my information to log into my “Regular” account. Now I am worried I have created a situation where I may lose them both and not have any access to the forum anymore, because it is invite only. I could kick myself! :grimacing:


#11

I’d get in touch and be honest. If it were me I’d understand and help you work out a better solution. :slight_smile:


(Matt Palmer) #12

If your threat model includes, as an adversary, the person you’re submitting your credentials to, then you’re hosed. There is nothing that Discourse, or any other password-accepting web application, can do to save you, and there is no way that anyone here can have or provide any reasonable assurance that your opsec isn’t compromised.


#13

I think your suggestion is wise, I am just afraid I will be left out in the cold, with no account. That Discourse forum is very important to me.

When you say you cannot see the passwords, do you mean you cannot even see them in the form they have been converted into after they go through that hashing and salting thing?


#14

I understand. It is my own fault. I should have been more careful putting the password in. I will keep my chin up and hope for the best. I think I may try to explain the whole situation to the admin. I thank you, and everybody else in this thread, for the help you have given me. You did not have to do that. I appreciate it. :+1:t2:

Goodbye.


(Kane York) #15

If you’re worried about breaking rules just by having two accounts that were ever used, Discourse tends to create a lax environment on that.

Also you can self delete the account if you’ve only made 1 post or less and there won’t be anything close to a problem.