The end of short logins..

In our ever ongoing effort to improve the service and get rid of legacy, we are again removing old infrastructure and replacing it with new. Where as this is seamless and invisible to some users, we have seen that others are running into – e.g. login issues.

Years ago, when ‘’ changed name to ‘’, we made a change that pushed users to use the full email address to login to the service. E.g. John Doe with the email could login to the web client with the login john.doe before the change, but after the change he would need to use .

For many different reasons getting rid of the old infrastructure turned out to become a long affair, and some users never got around to change their habit of using the short login. As we are getting closer to getting rid of the last piece of the old infrastructure, these users will more and more often hit new infrastructure, and get required to login with their full email address.

If you are among our loyal longtime users, and you suddenly experience problems logging in to our systems, then please make sure that you are actually using your full email address as login.

Should you still be unable to login, then please contact support via

bɪvrɒst or



4 thoughts on “The end of short logins..

  1. What would be great to see is a persistent login instance, where the Web Client ‘remembers’ you, i.e. the concept of a session without the need to continuously log in and out, but that once you are authenticated, you are set for a certain period of time until re-authentication is required.

    1. This functionality exists already, but it’s complete discretionary to the browser, and your settings in it.

      For example, I have many logins/passwords remembered on my physically secured desktop (but not the sensitive ones), while I have only the logins remembered on my laptop.

      Also, if you wished to just bookmark `/?task=login&user=`, nothing’s stopping you.

  2. Understood, I’m aware browsers can store credentials.

    However, sessions often time out and they require re-logging in. Gmail for instance rarely requires reauthentication, but potentially this is a concept beyond the scope of Roundcube 1?

    Keep up the good work

    1. The extended and regularly refreshed authentication credentials (read: authorization codes) are part of what “do not track me”, “ad-block plus”, “privacy badger” and such and so forth are supposed to address. After all, Google isn’t just It’s also just-an-awful-lot of other things. This is how you have to sign in to YouTube only twice in your life. It means an implicit trust mechanism is in place, of which we decline the validity for the purposes of privacy and integrity.

Comments are closed.