We will be updating our current WaniKani authentication and password recovery options on May 3, 2023.
Currently we allow users to log into WaniKani using either their email address or username.
To tighten security, we have chosen to remove the username as an option to log into WaniKani, for account recovery, and for password resets. After May 3, 2023, WaniKani will only accept email addresses as a form of log in authentication. You can verify the email associated to your WaniKani account by access the settings at https://www.wanikani.com/settings/account.
Please ensure your email address associated to your WaniKani is correct before the transition date.
We havenât had any security breaches or events, but we wanted to take preemptive action on our part. This decision was a result of us reviewing how we manage user authentication.
If the username is taken away to login, what will we use instead?
Will this automatically log everybody out?
I forsee this being at the very least a mild annoyance to many people. And anyone who has their browser or password-saving programs save the password for them, theyâll have to change the username involved. Not the biggest deal, so the pre-emptive announcement is appreciated, but please explain how this will change things for us, the users. Thanks.
Personally, I hope not. 2 factor authentication drives me nuts⊠too many places have it, now. Even games. I donât need or want everything to be interconnected, personally. Different passwords for everything, etc. If itâs an opt-in thing, okay, fine. (Iâm thankful I have been able to avoid setting it up with one game.) But mandatory for everyone? No thank you.
I feel the same way about 2 factor authentication. I have secure passwords. Every online thing that I do doesnât need an email. I feel that it makes me less secure, not more secure.
And the email that was sent out reiterates that. They recommend checking the email you have on file, in case youâve only been logging in with your username.
You can use your email address. Thatâs always been an option so nothing new there.
We donât expect this to happen.
Just to clarify, we have chosen to remove the username as an option to log into WaniKani, for account recovery, and for password resets. You will need to use your email address to log in, instead of your username.
I strongly recommend using a password manager like keypassx or bitwarden so that you never have to worry about passwords ever again and prevent password reuse (which is generally a very bad idea).
Regarding 2FA given that thereâs no sensitive info or money to be made by taking over WK accounts, I agree that itâs probably not hugely important.
If someone wants to hack into my account and do my reviews⊠let them.
Okay I was just a bit confused as the post specified account recovery and password resets so I figured it didnât apply to regular logins (when you have your password).
Would this be âwe have chosen to remove the username as an option to log into WaniKani (entirely). This is done for account recovery and password reset reasons.â? The wording has confused me a little.
as an option to log into WaniKani sounds like it affects regular logins.
Apparently this is the season of WK making a bunch of unasked-for changes that nobody wants (while still not making any of the changes that people do want). At least this one is only a minor nuisance.
??? What does this have to do with 2FA? Having a TOTP should almost be mandatory, IMO, where peopleâs money is involved (like games). Also, it shouldnât really inconvenience you as you usually can set a device/location as remembered. Easy to store the TOTP in most password managers. If you are talking about forced SMS verification, then yeah, that sucks.
I agree with needing an e-mail everywhere is annoying. But just having a secure password is not enough. Session hijacking and data-breaches are a thingâŠ
