totallybogus’ recommendation of resetting my password worked. But what I’m still confused about is that there is no website feedback for submitting a wrong password. If you try to login as a user that doesn’t exist, you get an immediate (though tiny) error message saying “User not found”. In contrast, if the user does exist and you enter an arbitrary (and wrong) password, you get no feedback whatsoever.
In fact, that may have been all that happened in my case—maybe my account had been successfully migrated already, so submitting my old LW1.0 password didn’t match my new LW2.0 password, and therefore the login failed; but because I got no website feedback, I had no way of telling the difference.
All that said, I’m aware that allowing unlimited login attempts with arbitrary passwords would constitute a serious security risk (one you’ve undoubtedly already taken into account), but the current situation of getting no feedback whatsoever for wrong login attempts is also suboptimal.
Yep, this should work. I will look into what might be causing the locked-out accounts ASAP.
totallybogus’ recommendation of resetting my password worked. But what I’m still confused about is that there is no website feedback for submitting a wrong password. If you try to login as a user that doesn’t exist, you get an immediate (though tiny) error message saying “User not found”. In contrast, if the user does exist and you enter an arbitrary (and wrong) password, you get no feedback whatsoever.
In fact, that may have been all that happened in my case—maybe my account had been successfully migrated already, so submitting my old LW1.0 password didn’t match my new LW2.0 password, and therefore the login failed; but because I got no website feedback, I had no way of telling the difference.
All that said, I’m aware that allowing unlimited login attempts with arbitrary passwords would constitute a serious security risk (one you’ve undoubtedly already taken into account), but the current situation of getting no feedback whatsoever for wrong login attempts is also suboptimal.
Strongly agree. I messed up some of the login error messages myself, and we should fix that very soon.