I got an email today about the new version (0.6F), and in it I noticed a warning: "Use your LFS username and password only on the first 4 websites listed above (the Merchandise shop is not run by LFS)".

I don't actually remember seeing this text before, though the problem has clearly been around a while - see https://www.lfsforum.net/showthread.php?t=447

How about renaming all websites which ARE safe to use to be part of the lfs.net domain? Surely that would make it much easier to reduce phishing...

So we would have:
www.lfs.net
manual.lfs.net
forum.lfs.net
lfsworld.lfs.net

Then we'd have a new, simpler rule: if it's part of lfs.net you can use your LFS credentials. If not, don't.

Thoughts?

It's been discussed already, just can't find that thread (As soon as I find it, I will add it here)
(This should be in the improvement suggestions forum, imo)

Yeah, I thought it should have come up already but I also couldn't find any sign of previous discussion (searched for a few mins with various keywords...).
I chose this forum btw because the improvements one says "...suggestions on how to improve the LFS simulation" which this really isn't

Well, had one last attempt to find old threads about this.
I keep finding this thread, but nothing else

If anyone knows why the idea was abandoned/rejected in the past I'd be keen to hear the reason...

It was possibly in Victor's "website refresh" sub-forum that either no longer exists or is private.

It's a good idea to use different unique passwords for all of these:

- your lfs.net / lfsforum.net password
- your S2 user license game password
- your registered email password
- all other sites you're registered to

Never re-use your lfs.net password or game password for other stuff and it won't be at risk or compromised.

Quote from Pablo Donoso :

It's a good idea to use different unique passwords for all of these:

- your lfs.net / lfsforum.net password
- your S2 user license game password
- your registered email password
- all other sites you're registered to

Never re-use your lfs.net password or game password for other stuff and it won't be at risk or compromised.

Huh?? Unless I've misunderstood you, you are completely missing the point.
As the post (which I linked above) from Victor says, LFS credentials can (and in fact must) be used at four and only four websites:
www.lfs.net (previously www.liveforspeed.net)
www.lfsworld.net
www.lfsforum.net
www.lfsmanual.net

Note the massively unhelpful fact that these four sites are on FOUR different domains... The phishing risk arises precisely because of this fact. Do you see the problem now?
If some thief invents a new website like lfsshop.net, lfsreplays.net, or similar, people should be forgiven for it not exactly jumping out at them that this is not a legit website, given the (IMHO bizarre) decision to have separate domains for every LFS website that is legit...

Quote from Neilser :

As the post (which I linked above) from Victor says, LFS credentials can (and in fact must) be used at four and only four websites:
www.lfs.net (previously www.liveforspeed.net)
www.lfsworld.net
www.lfsforum.net
www.lfsmanual.net

www.liveforspeed.com works for lfs.net too

[site name].lfs.net would be cool because ScaViEr would pay less for domains....