diff --git a/.golangci.yml b/.golangci.yml
index 4ec66d753..0d0f51bd2 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -204,7 +204,7 @@ linters:
     - gocritic
     - gofmt
     - golint
-    - gosec
+    - gosec # Should turn back on soon
     - interfacer
     - lll
     - maligned
diff --git a/clientapi/routing/register.go b/clientapi/routing/register.go
index b1522e82b..50f352470 100644
--- a/clientapi/routing/register.go
+++ b/clientapi/routing/register.go
@@ -108,21 +108,24 @@ var (
 // remembered. If ANY parameters are supplied, the server should REPLACE all knowledge of
 // previous parameters with the ones supplied. This mean you cannot "build up" request params.
 type registerRequest struct {
-	// registration parameters
-	Password string `json:"password"`
-	Username string `json:"username"`
-	Admin    bool   `json:"admin"`
 	// user-interactive auth params
 	Auth authDict `json:"auth"`
 
-	InitialDisplayName *string `json:"initial_device_display_name"`
-
-	// Prevent this user from logging in
-	InhibitLogin common.WeakBoolean `json:"inhibit_login"`
+	// registration parameters
+	Password string `json:"password"`
+	Username string `json:"username"`
 
 	// Application Services place Type in the root of their registration
 	// request, whereas clients place it in the authDict struct.
 	Type authtypes.LoginType `json:"type"`
+
+	InitialDisplayName *string `json:"initial_device_display_name"`
+
+	// more reg params
+	Admin    bool   `json:"admin"`
+
+	// Prevent this user from logging in
+	InhibitLogin common.WeakBoolean `json:"inhibit_login"`
 }
 
 type authDict struct {