We will be updating our current WaniKani authentication and password recovery options on May 3, 2023.
Currently we allow users to log into WaniKani using either their email address or username.
To tighten security, we have chosen to remove the username as an option to log into WaniKani, for account recovery, and for password resets. After May 3, 2023, WaniKani will only accept email addresses as a form of log in authentication. You can verify the email associated to your WaniKani account by access the settings at https://www.wanikani.com/settings/account.
Please ensure your email address associated to your WaniKani is correct before the transition date.
We haven’t had any security breaches or events, but we wanted to take preemptive action on our part. This decision was a result of us reviewing how we manage user authentication.
Thanks for understanding.
I honestly had no idea that I could use my username
Seems like a good change, I guess. Usernames are public.
Any word on 2FA in the future?
I honestly had no idea that I could use my email
If the username is taken away to login, what will we use instead?
Will this automatically log everybody out?
I forsee this being at the very least a mild annoyance to many people. And anyone who has their browser or password-saving programs save the password for them, they’ll have to change the username involved. Not the biggest deal, so the pre-emptive announcement is appreciated, but please explain how this will change things for us, the users. Thanks.
Personally, I hope not. 2 factor authentication drives me nuts… too many places have it, now. Even games. I don’t need or want everything to be interconnected, personally. Different passwords for everything, etc. If it’s an opt-in thing, okay, fine. (I’m thankful I have been able to avoid setting it up with one game.) But mandatory for everyone? No thank you.
Oh yeah, I wouldn’t want it to be mandatory, but rather as something people can opt-in if they choose to.
Admit that you don’t even know your user name.
I feel the same way about 2 factor authentication. I have secure passwords. Every online thing that I do doesn’t need an email. I feel that it makes me less secure, not more secure.
Unless I’ve interpreted this wrong, it shouldn’t affect regular logins:
But there’s this:
And the email that was sent out reiterates that. They recommend checking the email you have on file, in case you’ve only been logging in with your username.
You can use your email address. That’s always been an option so nothing new there.
We don’t expect this to happen.
Just to clarify, we have chosen to remove the username as an option to log into WaniKani, for account recovery, and for password resets. You will need to use your email address to log in, instead of your username.
I strongly recommend using a password manager like keypassx or bitwarden so that you never have to worry about passwords ever again and prevent password reuse (which is generally a very bad idea).
Regarding 2FA given that there’s no sensitive info or money to be made by taking over WK accounts, I agree that it’s probably not hugely important.
If someone wants to hack into my account and do my reviews… let them.
Okay I was just a bit confused as the post specified account recovery and password resets so I figured it didn’t apply to regular logins (when you have your password).
Would this be “we have chosen to remove the username as an option to log into WaniKani (entirely). This is done for account recovery and password reset reasons.”? The wording has confused me a little.
I just updated the post to clarify.
So right now, you can use your username or email for these 3 things:
Going forward, you can only use your email address for the above 3 instead of both username and email address.
Hope that clears it up!
as an option to log into WaniKani sounds like it affects regular logins.
Apparently this is the season of WK making a bunch of unasked-for changes that nobody wants (while still not making any of the changes that people do want). At least this one is only a minor nuisance.
If you really want to improve security 2FA ( optional / to choose ) would be great
Thank you for clearing that up for me!
??? What does this have to do with 2FA? Having a TOTP should almost be mandatory, IMO, where people’s money is involved (like games). Also, it shouldn’t really inconvenience you as you usually can set a device/location as remembered. Easy to store the TOTP in most password managers. If you are talking about forced SMS verification, then yeah, that sucks.
I agree with needing an e-mail everywhere is annoying. But just having a secure password is not enough. Session hijacking and data-breaches are a thing…