vBulletin Security Enhancement
Snowhog
09-14-2012, 04:12 PM
vBulletin uses the registered user name for logging in to a forum. No issue. However, there is no provision in vBulletin for setting a 'Display as / Alias' for the user once logged in. By this, I mean that a user 'alias' would be displayed throughout the forum and not the actual registered user name.
Many people are lazy (not intended as disrespect, just a basic fact) when it comes to passwords, simply due to the fact that hard ones are difficult to remember. Therefore, many passwords are simple and (easily) guessable. The risk to vBulletin forums is that a registered user name could be hijacked by guessing its password, and having the password changed by the hijacker.
This possible risk could be minimized greatly if an element were added to vBulletin to require (mandatory field) a different identity be provided (an 'alias' which is not the same as the registered user name or an existing identity belonging to a registered user -- a validation check). This 'alias' is what would be shown within the forum, not the registered user name.
I know there are a couple of mods that allow you to log in using your email address. They also allow the username to be used, but maybe you could modify one to require the email address and not allow the user name.
Snowhog
09-14-2012, 11:19 PM
That isn't the same thing, and doesn't address the issue.
Currently: I register on a vBulletin forum with user name Bozo. My registration is accepted and I log in to the forum. Anywhere in the forum, I am identified as user Bozo, my actual user name used for registration.
Proposed: During registration, an additional field, call it Alias, must be completed -- it can't be ignored or empty. This field could not contain the same entry as the user name and not the same as an existing registered user's user name or alias. It would be the Alias, after logging in with the actual user name, that is displayed throughout the forum.
So, I register as Bozo and specify DaffyDuck as my Alias. Both are validated as not already existing to registered users and I'm given a user account under the name of Bozo, but when I log in to the forum with Bozo and my password, my identity will be shown to be DaffyDuck.
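The registration check proposed in the post above, sketched as an added example (not code from the thread or from vBulletin). The `Registry` class, the in-memory store, the case-insensitive comparison, and the deliberately generic "not available" message (so the form does not reveal whether a taken name is a login name or an alias) are assumptions of this example.

```python
import unicodedata


def canonical(name):
    """Fold a name so near-identical spellings compare equal.
    Assumption: NFKC + casefold; the post only says "not the same"."""
    return unicodedata.normalize("NFKC", name).casefold().strip()


class Registry:
    """In-memory stand-in for the forum's user table (constructed for this example)."""

    def __init__(self):
        self._taken = set()   # canonical login names AND aliases, one namespace
        self._alias_of = {}   # canonical login name -> alias as entered

    def register(self, username, alias):
        """Apply the proposed rules; return a list of errors (empty means accepted)."""
        user_key, alias_key = canonical(username), canonical(alias)
        errors = []
        if not user_key:
            errors.append("username is required")
        if not alias_key:
            errors.append("alias is required")           # mandatory field
        elif alias_key == user_key:
            errors.append("alias must differ from username")
        # The alias may not match any existing login name or alias. Assumption:
        # the same holds for a new login name, so the two can never be confused.
        for label, key in (("username", user_key), ("alias", alias_key)):
            if key in self._taken:
                # Generic wording: do not say which kind of name is taken.
                errors.append(label + " is not available")
        if errors:
            return errors
        self._taken.update((user_key, alias_key))
        self._alias_of[user_key] = alias.strip()
        return []

    def display_name(self, username):
        """Name shown throughout the forum after login: always the alias."""
        return self._alias_of[canonical(username)]
```
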
Sorry. I understood what you said and I know that what I suggested isn't the same thing, but it seems to me that it does address the same issue because in general people won't know your email address. So I think it's the same thing you said except it just uses the email address in place of the user name, and the existing user name becomes the alias.
In any case, are you asking if something exists, asking how you can do it, or just suggesting a feature that you think should be in vBulletin in the future?
Simon Lloyd
09-15-2012, 12:04 AM
You could use something like this in a plugin (you'd have to expand the idea for other areas):
postbit_display_complete
$post['musername'] = $post['fieldx'];
where fieldx is a profile field.
Snowhog
09-15-2012, 12:05 AM
No need to be sorry. It is difficult to effectively communicate via posts. ;)
Am I conveying my concern sufficiently well? IF someone knows your user name, which, in vBulletin, is your registered account name, then a hacker already has half of what they need to attempt a takeover of that account. All they need to do is figure out the password.
In what I'm suggesting, this would be impossible, as no one viewing the forum and seeing who's online would know what the registered account user names were. In that case, they don't know both things required to take over an account.
In that case, they don't know both things required to take over an account.
And if they can't see your email address, and you need to use your email address to log in, then they also don't know both things they need, right?
No big deal, maybe I'm just being stupid today. Someone else will probably understand. ;)