# Reasons behind the recent procedure changes



## Makai Guy (Apr 16, 2007)

A number of you have asked why the recent changes were made to the login system.  

There were several inter-related and long-standing problems that these changes address:
*Problems with relying on email for continued communication.*

The former system relied on each member keeping an up-to-date email address in his/her TUG member record.  When members changed their email address but failed to submit the Email Update Form (link on TUG homepage), the whole thing broke down. TUG then had no way to communicate issues involving each member's personal account.  An astoundingly high number of emails are continually returned due to bad addresses.  Many, many members' accounts expired without their knowledge because they could not receive the renewal message from TUG and there was no way to check their member status online.  

An additional problem is that when TUG tries to send out mass mailings to its members, many spam detection systems think this is a spam broadcast and blacklist TUG, making it even _more_ difficult for us to communicate via email.



*Member Access codes for all TUG members the same*

With the former system, all TUG Members used the same universal TUG Member username and password to access the Members-only areas.  This system was created in the early days of TUG, before there was any TUG bbs at all.  

When a TUG member's account expired, he/she could go on accessing the Members Only areas until some distant date in the future when the Member password was revised.  As a result, a member with an expired account could continue on, blissfully unaware that the account was no longer valid.

Every time TUG has updated the universal Member password it has caused untold grief because such a high percentage of TUG members never saw their emailed announcements.  As a result, TUG kept putting off changing the universal Member password was always a painful process and TUG tended to put it off to longer and longer intervals.  The last update was away from _ten_ as the password, 'way back in November 200*4*, allowing the universal Member password to get staler and staler, and more and more non-members to have access to the portions of the site meant for, and financed by, members.



*Two separate sets of login information*
When the bbs was added, the existing single universal logon could not be used.  Each bbs user needs to be able to log in as a specific individual.  Consequently the bbs needed to have its own separate login system.

Over the years, having to use two separate logins probably has been the #1 complaint from TUG Members.



*Use of the Member Password on the bbs to indicate TUG Member status*

Remember, the bbs is open to both TUG Members and Guests, so there has to be some method of differentiating between them on the bbs.  This is necessary both to control access to a few members-only features on the bbs and to visually indicate TUG members in their posts.

None of the various bulletin board implementations we've used over the years (our first two 'home brew' systems, UBB that we switched to in 2000, vBulletin that we switched to in 2005 and are still using) included any provisions for integration with a separate member database.  As a result, there was no way for the bbs to know automatically whether a given bbs user is TUG member or a Guest.  Believe us, we would LOVE for the bbs to be able to check the Member records automatically, but as yet we have not found a way to do this.  

As a work-around, TUG requested members to enter the current value of the Member password into their bbs profiles in order to show to the bbs that they were indeed TUG members rather than non-member guests.

This resulted in all the same problems as mentioned above.   When updates to the code were mailed out, many people never received them.  If your membership had lapsed, but you still had the old, stale universal Member password in your profile, the bbs thought you were a TUG member.  Many people with expired memberships did not realize it because the bbs continued to tell them they were members.
The new system addresses these issues as follows:
*Email addresses*
The need to receive the initial temporary Member Login password from the new system forces everyone to make sure they have a workable email address in their TUG Member records, at least for now.



*Access to the Members-only sections is now coupled to your individual TUG Member account.*

The expiration date of your TUG membership is shown in the 'My TUG' box when you log into the Member Login system.  In addition, a renewal email will be sent out when your membership is about to expire.  If your membership should expire, the Member Login system will not let you into the Members-only areas.  This will immediately tip you off to the fact that your account has expired and you can renew your account if you so choose.  The renewal process will again assure you have a valid email address in your account records.



*You can have a single set of login information that will get you into anything on the TUG website.*

The new Member Login system is set up to use the same username you established on the bbs as the username for your Member Login account.  You will be issued an temporary initial Member password for the new system.  (Your bbs password is not used initially because it is stored by the bbs in encrypted form and handled internally by the bbs software, so, frankly, we don't know what it is.) 

*You are strongly encouraged to change your new Member Login password to the same password you use for the bbs.*  If you do that, the same username/password combination will get you into anything on the TUG site.There is currently one exception to this: the present classified ad system.  Currently each classified ad has its own password to allow you to access your ad and edit it.  This will soon be replaced by the classified ad system being beta tested right now, which is accessed via your standard bbs login.​
*Identifying yourself to the bbs as TUG member is decoupled from the Member password*

TUG has not yet been able to connect the bbs database to the member database to allow the bbs to check the member status of any individual user.  Thus we must continue the system of having the users indicate their TUG member status by entering a code into their bbs profiles.   

This new BBS Member Code, however, has now been de-coupled from the Member login password, so we can update this code without affecting anybody's access passwords.  

The BBS Member Code is always available to anybody with a valid TUG membership simply by logging into the Member Login system.  As a result, TUG no longer has to rely on emailing the new BBS Member Code every time it is updated, eliminating all the problems mentioned above regarding emailing user information. 

When the BBS Member Code is updated, there will be adequate notice given on the bbs, and anybody with an active TUG membership can easily log into the Member Login system to get the new code.  If you don't check into the bbs for a while, and the BBS Member Code is changed during your absence, the board will show you a notice regarding this when you return and log in to the bbs.

This will allow us to update the BBS Member Code more frequently, so that expired members will not receive false indications that their memberships are still active for so long a time.  If your TUG membership runs out without you knowing it, being shown as Guest when you log in after the BBS Member Code has been updated may be your first indication that your membership has expired.

The frequency of updating the BBS Member Code has not been determined yet, but we're leaning toward doing it quarterly.  After you've done it once or twice and have become familiar with the process, you should be able to update your account in a minute or less.

I hope this answers your questions regarding why TUG has made these recent changes.  If you have stuck with this long enough to read the whole thing, I think you'll appreciate why this information was not included in the posts of what you needed to do at your end -- it would be far too complicated for folks that just want to quickly find out what they need to do.

In closing, our overriding goal with these changes has been to achieve a single login name and password that will work anywhere in TUG.  We can accomplish this now as outlined above.   Once this login and password is set correctly, you will never have to change it again to access TUG!

As an added bonus, we have cut our reliance on unreliable email.

We will help you in any way we can if you have issues with these changes.


----------



## barndweller (Apr 16, 2007)

Okay, Whatever you say. 

I personally didn't find the process all that taxing. Although it did take a couple of attempts. You'd a thunk TUG was deliberately trying to lock folks out from all the hoopla over this new code stuff. Sheesh! If re-configuring one's TUG log in is the biggest problem of his/her day, I hate to think what the reaction would be to a real crisis.

Thanks for all your work on simplifying our use of TUG. You are appreciated.


----------

