"No email associated with your account"

Got the following message:

"Hello, as you have an early Lichess account, no email was required when you registered.

However this makes it easy for you to lose access to your account.
If you forget your password, or if your password is leaked from another website, or if we decide that your password is too easy-to-guess to be secure, your account will be lost.

You can visit lichess.org/account/email to set your personal email address. That way, you'll be able to reset your password when needed."

Won't give any account. Concerned about the "if we decide that your password is too easy-to-guess to be secure, your account will be lost" part:

1) What is 'secure'?
2) Who is we?
3) Can 1) or 2) change and how would i be able to notice it?

Thanks.

Why not just set your email?

@kjf said in #1:
> 1) What is 'secure'?

a password is secure, if it is not easy to guess (i.e. it mostly has a certain length, and is not mentioned on your profile anywhere), and it's not used on other websites or services. neither by you or anyone else. if they find your password in one of the many, many, many databases of leaked passwords, then it is definitely not secure.

> 2) Who is we?

the lichess devs.

> 3) Can 1) or 2) change

yes, of course. a new database of password leaks, (1) changes. lichess has a new dev, or a dev stops working on lichess, (2) changes.

> and how would i be able to notice it?

(2) changes often anyway, so you can just assume it recently changed. for (1), you would notice by virtue of not being able to log into your account anymore.

@AsDaGo said in #2:
> Why not just set your email?
I signed up for "no data needed", now I'm told "give us mail or we might delete your account in case we feel like it".

@glbert said in #3:
>[...]
Thank you for taking the time to answer. I was interested in specific answers(How many digits? What kind of digits? Will there be any action needed in the future? Who is the source so I can look up answers myself?) as the message I got was vague. I was not able to find password guidelines with a lichess definition of "secure".

On lichess.org/account/passwd, as you enter your password there is a password strength indicator that will tell you if it is good enough.

Of course that does not prevent it from being invalided if you used it somewhere else.

Note: lichess does not send emails to make announcements
but it's just so you can recover your account
if you forget your password
or the password is invalidated due to a security risk
lichess has a system to check if one of your passwords
has been leaked and blocks it if it is found

@Solal35 said in #5:
> On lichess.org/account/passwd, as you enter your password there is a password strength indicator that will tell you if it is good enough.
>
> Of course that does not prevent it from being invalided if you used it somewhere else.

That will do, thank you. In face of the expected changes of data protection laws in Europe over the next two years I'll take the risk of loosing a chess account over possible exploitation of GDPR. This resolves this feedback request.

@kjf said in #7:
> That will do, thank you. In face of the expected changes of data protection laws in Europe over the next two years I'll take the risk of loosing a chess account over possible exploitation of GDPR. This resolves this feedback request.

I get the sentiment, but it's also possible to use a GMail account if you don't want to share your personal email address.