Another issue: I am still logged on on lesserwrong.com, but when I use my saved password from lesswrong.com to login to the site, nothing happens—I neither get logged in, nor do I get an error message.
(Actually, after pressing the “Sign in” button for several times in rapid succession, I get an “Unknown error” message, but not before.)
EDIT: In the original migration announcement from a few days back, the OP linked to the github issues page here: https://github.com/Discordius/Lesswrong2/issues—is it enough to report issues in comments on this post, or do you need reports there?
Hmm, this could be the bug that’s seemingly resulting in a number of LW1 (“legacy”) accounts being locked out. Did you have a recovery email set on LW1 before the first database import? If you didn’t, but perhaps set it later, then make sure that you can request a “reset password” email from https://www.lesswrong.com with that address (don’t worry, this won’t actually reset your password or anything unless you click the link in the resulting email message). If you see an error because your recovery address can’t be found, visit the “edit account” page in your logged in session and resubmit your data there (your email should be there, but resubmit anyway), then retry the “forgot password” feature on lesswrong.com and make sure that it works for you. This should hopefully ensure that you can always upgrade your account, even if you get locked out from LW1 logins.
totallybogus’ recommendation of resetting my password worked. But what I’m still confused about is that there is no website feedback for submitting a wrong password. If you try to login as a user that doesn’t exist, you get an immediate (though tiny) error message saying “User not found”. In contrast, if the user does exist and you enter an arbitrary (and wrong) password, you get no feedback whatsoever.
In fact, that may have been all that happened in my case—maybe my account had been successfully migrated already, so submitting my old LW1.0 password didn’t match my new LW2.0 password, and therefore the login failed; but because I got no website feedback, I had no way of telling the difference.
All that said, I’m aware that allowing unlimited login attempts with arbitrary passwords would constitute a serious security risk (one you’ve undoubtedly already taken into account), but the current situation of getting no feedback whatsoever for wrong login attempts is also suboptimal.
Another issue: I am still logged on on lesserwrong.com, but when I use my saved password from lesswrong.com to login to the site, nothing happens—I neither get logged in, nor do I get an error message.
(Actually, after pressing the “Sign in” button for several times in rapid succession, I get an “Unknown error” message, but not before.)
EDIT: In the original migration announcement from a few days back, the OP linked to the github issues page here: https://github.com/Discordius/Lesswrong2/issues—is it enough to report issues in comments on this post, or do you need reports there?
Hmm, this could be the bug that’s seemingly resulting in a number of LW1 (“legacy”) accounts being locked out. Did you have a recovery email set on LW1 before the first database import? If you didn’t, but perhaps set it later, then make sure that you can request a “reset password” email from https://www.lesswrong.com with that address (don’t worry, this won’t actually reset your password or anything unless you click the link in the resulting email message). If you see an error because your recovery address can’t be found, visit the “edit account” page in your logged in session and resubmit your data there (your email should be there, but resubmit anyway), then retry the “forgot password” feature on lesswrong.com and make sure that it works for you. This should hopefully ensure that you can always upgrade your account, even if you get locked out from LW1 logins.
Yep, this should work. I will look into what might be causing the locked-out accounts ASAP.
totallybogus’ recommendation of resetting my password worked. But what I’m still confused about is that there is no website feedback for submitting a wrong password. If you try to login as a user that doesn’t exist, you get an immediate (though tiny) error message saying “User not found”. In contrast, if the user does exist and you enter an arbitrary (and wrong) password, you get no feedback whatsoever.
In fact, that may have been all that happened in my case—maybe my account had been successfully migrated already, so submitting my old LW1.0 password didn’t match my new LW2.0 password, and therefore the login failed; but because I got no website feedback, I had no way of telling the difference.
All that said, I’m aware that allowing unlimited login attempts with arbitrary passwords would constitute a serious security risk (one you’ve undoubtedly already taken into account), but the current situation of getting no feedback whatsoever for wrong login attempts is also suboptimal.
Strongly agree. I messed up some of the login error messages myself, and we should fix that very soon.