Created a discourse account but was never prompted for an account password .. why?

Just today I created an account to participate here and opted to NOT use social media based login but rather my preferred style of managing accounts and passwords … an email address and my own custom password.
The trouble is there was no place for me to specify a password for this newly created account and as best as I can tell from the “Preferences” section there is no way to change my current password.

Don’t you think it a little presumptive that some randomly generated password is presumed to be stored in some password keychain rather than giving each account owner the freedom choose their own password for a new discourse account?

As it happens I misunderstood the promp that appeared (with your default alphanumeric password) and began typing over that with my customary (and exceedingly cryptic, I should add!) password before realising that the prompt was not a part of your new account setup but rather that prompt was a part of Firefox’s password management feature asking if I wanted to save this completely unfamiliar and impossible to memorise auto-generated password. So now that opportunity is lost and as soon as I log out from here I fully expect that I will not be able to login again. … Grrr!!!

I don’t particularly mind that you use a slightly different method for validating an email address before creating an account. That is completely fair. What does bother me is that you say nothing in advance about a user’s apparent inability to prescribe their own account password. You effectively force me to rely on a password management tool built into my browser. That would be fine if you told me in advance but you didn’t. You presumed my concent. You presumed that the next device that I use to access these discourse forums will be somehow magically linked to the browser that I am using today and that your automatically generated password (which is demonstrably less secure than my preferred password algorithm) will be inserted from whichever future device I use.

Maybe I am part of an endangered minority but … one reason I’ve been a Mozilla supporter since Netscape days is that I do not like being coerced or told to confirm to a cookie-cutter mold designed for the average Joe user.

Please review your screen prompts for users that choose an email address based authentication when creating a new account.

Please seriously consider allowing a user-specified password.


My understanding of your login process is maturing.

At each login you effectively have me verify my email address ownership using the same device.
This works so long as I am careful when using another person’s device to access discourse.

I can trust that my devices do not have a keylogger. I might not trust that a client’s device is just as safe from keylogging (or otherwise remembering) my email account password.

I can now understand why you have no account preference for changing a user’s password. Thank you!