Short version: To keep a fast, sleek database, your @ username in the forum is your login username.
Occasionally a person’s username (the name with which they registered at Giza) contains personally identifying information they don’t wish to share. When commenting on Giza articles, the Display Name overrides the username, and users can configure their display name in their Account > member settings. This is NOT true of the forum. The new forum can’t operate off of the main website member profile (commenter’s) display name. It needs the actual login username for several reasons related to database synchronization, and so people can @ the username to mention the user, etc.
In a case where your login username contains personally identifying information you don’t want visible in their forum profile (e.g. a real last name or a full email address), the user can complete a support ticket to request a one-time change. For the benefit of our long-time users, for the months of September and October 2021, we will ALSO do this if a user requests their username to match a one-word phrase - e.g. cottoncandycat or mushroomcloudbilly (no hyphens, spaces, etc) they’ve used as an identifier in many past posts and comments. To protect the user’s account security, we must have an actual support ticket we can associate with an account. We can’t honor email requests. In the support ticket: confirm the old username that contains the personally identifying information, indicate which information is personally identifying, and suggest a replacement username (e.g. first name only, not last, first name plus another word, first name and initial, different phrase entirely, etc).
Note: username must be unique (i.e. not already exist in the database for someone else). In the event the username already exists (e.g. “john”), we’ll select a unique alternate based on the one chosen. E.g. we might use a number, etc. Optionally, the user can suggest alternates in the initial support ticket, and we’ll try to prioritize those if the preferred username is taken. Usernames cannot contain spaces, dashes, hyphens, periods, the @ symbol, or math symbols. Usernames ARE case sensitive but we will not deliberately create usernames that are identical except for case. We recommend (not require) usernames be lower case to avoid confusion.
Remember: you can log in with your email address on file or your username. The username will have changed, so (once we update the username), you must update any password manager you use, or if your browser remembers login credentials. We can’t support the variety of tools that automatically fill login credentials.
Why is it done this way? Not all forums do.
A standalone forum vs. one integrated with a website are two different beasts. Most standalone forums that a main site merely links to are full of SPAM, because their infrastructure can be studied at leisure by anyone installing the same forum platform. By requiring Giza login credentials to post in the forum, we have a single point of restriction to manage, which is robust, with years of proven track record. We don’t have to develop separate defenses for the forum which would necessarily create more restrictive measures. Also, this means each user only has to maintain ONE set of login credentials, not two. The old forum was fully integrated with the website, but still required so many additional layers of security as to render it slow and awkward. As the website and forum grew, it was inevitable that the larger encrypted database of credentials would cause the main website to slow and become unwieldy. It was never a permanent solution. The tradeoffs are that a couple of features unique to the website - display name for instance - don’t get pushed over. A display name is an ‘artificial name’ used for comments on website articles and is not a legitimate security credential. That’s partly because a display name can have spaces and other characters and components that usernames cannot (without causing problems). The forum needs a single way to associate a user with his/her Giza account, and that is necessarily the login username. There ARE forum platforms that artificially account for this, but they’re notoriously insecure. This solution is supported by a community of people dedicated to cybersecurity. It’s not bullet-proof, but it’s a very strong, fortified solution. Being current and well-supported (vs. our previous platform whose development community frankly did not keep up), means vulnerabilities are likely to be fixed quickly after they’re found. It’s part of our commitment to take reasonable steps to protect user data.