FAQ Desk: Logging in to this Forum
PeterJones last edited by
Hello, and welcome to the FAQ Desk.
Many people ask questions about how to log in, why we require an account with Google, Facebook, Twitter, or GitHub, and why we don’t just have email/password login here.
How to Log In
To log in, go to the https://community.notepad-plus-plus.org/login page, and select one of the Available Logins, through one of those four OAuth / SSO providers (“OAuth” is the name of one system whereby you can log into one website using the credentials on another; “SSO” = “single sign on”, a generic term for that kind of system).
When you click on one of those links, you will be asked to log in to the other website (if you aren’t logged in already) and to give permission to “share your data” with the Notepad++ Community Forum. After that, you will have an account here, and be logged in. Other that the initial connection, you may occasionally have to re-login, but you’ll just have to confirm with the provider that you still want to log in here.
But I don’t have an account on one of those
Then you need to create one there. If you wish to remain reasonably anonymous, pick one of the providers whose terms of service allow anonymous accounts or multiple accounts; some are more strict than others in that regard; it is up to you to not violate terms of service.
But it’s sharing data!?!?
Only minimal information is shared. If you have publicly shared a name or email address on your chosen OAuth/SSO provider, the Notepad++ Community Forum will copy that information over to initially populate your profile on this site. However, you can change any of that data by clicking on your profile icon in the upper right, and selecting Edit Profile; your username doesn’t even have to match!
Aside from that initial profile data, the only information we get from the OAuth provider is a response to “is this user still logged in and still allowing you to tell us whether they are logged in”? The Forum gets back a “yes” or “no” response; on a “yes”, you will be logged in here; on a “no”, the login will fail.
Why not just do email/password logins
The simple answer is that it’s more work and more dangerous.
OAuth logins are much more secure than a system where you password and login information are stored on the Notepad++ Community server. Those OAuth providers have huge budgets and full-time-employed security teams working around the clock to keep your credentials secure; a mom-and-pop group like us have $0 and 0 employees to stay on top of such things, and when the password-storage was hacked (notice I say when, not if), you and/or a multitude of other users here would be up-in-arms over the password breach. The safest for everybody is the current method – using OAuth through big-name organizations.
But I’ve never seen anyone else ask me to log in through OAuth!
Congratulations; you’ve avoided playing any Facebook games – that’s quite an accomplishment that you should be proud of. ;-)
Seriously: Many websites use OAuth, and allows cross-logging-in, so I’m surprised you’ve never seen any.
As I mentioned, any of the FarmSquirrel, BlowUpMyFriendsWords, or other popular Facebook games use them, as do “what celebrity does my dog look like” apps and “only 1/10 people can score 98.6% on this quiz”.
imgur.com and similar image/file-sharing sites use OAuth providers.
The list goes on and on. Maybe you haven’t noticed them before, but they are out there, and quite common. And other than the Facebook games and quizzes, most are harmless.
If you start the login process from the wrong OAuth provider, it will create a new account here in the forum.
However, if you login with your original/existing OAuth provider first, then go to Edit Profile, the “Single Sign-On Services”, you can associate your single Notepad++ Community Forum with each of the OAuth providers. This means that later, if you accidentally click “Google” instead of “GitHub” and both are associated with your account here, you will log into the same account. This is useful for when you click on the wrong link (or cannot remember which OAuth provider you originally signed up with). It’s also useful if you’ve temporarily or permanently forgotten your credentials at one of the OAuth providers or decided to delete your account over there, you can still use one of the others to log in here (for example, if you have associated both GitHub and Google, but forgot your Google login, you could authenticate using the GitHub, then edit your profile here to remove the link to your Google account; if you ever created a replacement Google account, you could re-link it here when done).
“I still don’t like it. Do I have to have an account here to particpate?”
You can read any post without an account. But to make a new topic or post a reply to an existing topic, you have to log in through one of the available providers.