email address as username

27 Oct 2006 - 6:43am
7 years ago
21 replies
20922 reads
Soo Basu
2005

Hi
I'm reviewing a web based blogging service. Currently on sign up, the
user has to enter a username, a display name and an email address. I
suggest that that username be replaced by the user's email address.
(from any email, say yahoo, gmail, hotmail, rediffmail, etc)
How would this impact the security of the product? Is there any
drawback in using an email address as the username?
Cheers,
S

--
"Less isn't more, just enough is more!"
****************************************************************************
Sunandini Basu
Interaction Designer
****************************************************************************

Comments

27 Oct 2006 - 6:59am
maglez@btintern...
2006

I recognise that using your own email address as username is much easier for the final user, the
problem is that many people already know your email address so that pose a security risk, it's a
very easy to obtain piece of information.

Even so, I like those sites that allows you to use your email address as username.

Have a look at this newsletter http://www.useit.com/alertbox/20001126.html and this other
http://www.useit.com/alertbox/passwordsecurity.html

Maglez.

--- Sunandini Basu <sunandinibasu at gmail.com> wrote:

> [Please voluntarily trim replies to include only relevant quoted material.]
>
> Hi
> I'm reviewing a web based blogging service. Currently on sign up, the
> user has to enter a username, a display name and an email address. I
> suggest that that username be replaced by the user's email address.
> (from any email, say yahoo, gmail, hotmail, rediffmail, etc)
> How would this impact the security of the product? Is there any
> drawback in using an email address as the username?
> Cheers,
> S
>
> --
> "Less isn't more, just enough is more!"
> ****************************************************************************
> Sunandini Basu
> Interaction Designer
> ****************************************************************************
> ________________________________________________________________
> Welcome to the Interaction Design Association (IxDA)!
> To post to this list ....... discuss at ixda.org
> List Guidelines ............ http://listguide.ixda.org/
> List Help .................. http://listhelp.ixda.org/
> (Un)Subscription Options ... http://subscription-options.ixda.org/
> Announcements List ......... http://subscribe-announce.ixda.org/
> Questions .................. lists at ixda.org
> Home ....................... http://ixda.org/
> Resource Library ........... http://resources.ixda.org
>

27 Oct 2006 - 7:21am
Gilles DEMARTY
2005

Hi miguel and Sunandini.

> > How would this impact the security of the product? Is there any
> > drawback in using an email address as the username?
I'm not sure security is at stake here. I don't want to give you any
security lessons, as i have a bit of background in this subject, but :

Providing the name of the user, the email, or whatever is not to
authentify the user, but to identify it. The authentification is meant
only by the password. It does not add any more security to have the
login name being something secret as well.

Another way to say this is : You have first to state who you are (with
a login name, an email, etc...), and then you have to prove that you
are really who you are claiming (with a piece of information that you
only knows, or owns, or that is part of you.)

So if this is the security of the product that keeps you from using
the email as the username, don't be afraid to use it, it's totaly safe
(as far as you ask for a password as well).

HTH

Gilles

27 Oct 2006 - 7:48am
Peter Bagnall
2003

I absolutely agree with Giles on this. If you want to ensure security
make sure the passwords are strong.

And to add another advantage with usernames being email addresses,
you're guaranteed that the email addresses are unique. It's not
uncommon to try to create a username that is some version of your
name only to find someone else has beaten you to it. In that case you
have to use a variant, and that's something you can easily forget.
Email addresses are less likely to be forgotten, although there is a
potential problem if people change their email addresses - but even
then they are more likely to remember their old ones than to remember
an obscure username.

Cheers
--Pete

On 27 Oct 2006, at 13:21, Gilles Demarty wrote:
> Another way to say this is : You have first to state who you are (with
> a login name, an email, etc...), and then you have to prove that you
> are really who you are claiming (with a piece of information that you
> only knows, or owns, or that is part of you.)

-------------------------------------------------------------
Voice or no voice, the people can always be brought to the bidding
of the leaders. That is easy. All you have to do is tell them they
are being attacked, and denounce the peacemakers for lack of
patriotism and exposing the country to danger. It works the
same in any country.
--Goering at the Nuremberg Trials

27 Oct 2006 - 7:22am
joanie
2006

If the display name is unique, then it can serve as a username.

Otherwise, if you use email address as a unique identifier, then any
accompanying password field must be clearly labeled so that users do not put
in the password for their email address. I have had success with "Create
Password" and "Retype Password" as labels. Not sure if you're asking users to
fully create an account...

-joanie

------ Original Message ------
Received: 04:44 AM PDT, 10/27/2006
From: "Sunandini Basu" <sunandinibasu at gmail.com>
To: discuss at ixda.org
Subject: [IxDA Discuss] email address as username

> [Please voluntarily trim replies to include only relevant quoted material.]
>
> Hi
> I'm reviewing a web based blogging service. Currently on sign up, the
> user has to enter a username, a display name and an email address. I
> suggest that that username be replaced by the user's email address.
> (from any email, say yahoo, gmail, hotmail, rediffmail, etc)
> How would this impact the security of the product? Is there any
> drawback in using an email address as the username?
> Cheers,
> S
>
> --
> "Less isn't more, just enough is more!"
>
****************************************************************************
> Sunandini Basu
> Interaction Designer
>
****************************************************************************
> ________________________________________________________________
> Welcome to the Interaction Design Association (IxDA)!
> To post to this list ....... discuss at ixda.org
> List Guidelines ............ http://listguide.ixda.org/
> List Help .................. http://listhelp.ixda.org/
> (Un)Subscription Options ... http://subscription-options.ixda.org/
> Announcements List ......... http://subscribe-announce.ixda.org/
> Questions .................. lists at ixda.org
> Home ....................... http://ixda.org/
> Resource Library ........... http://resources.ixda.org
>
>
>

____________________________________________________________________

27 Oct 2006 - 7:53am
SusieComet
2006

Speaking of strong passwords... I recently signed up for a BBS that
enforced a strong password. There were so many rules to the password that
it took me three tries to put in one that the system liked... and now I
have no idea what that password is. When I'm signing up for something like
a BBS that just isn't that important, let me enter any password I want!!!
Retain the super secure model for bank websites.

Rant over ;)

Peter Bagnall
<pete at surfaceeffe
ct.com> To
Sent by: "Gilles Demarty"
discuss-bounces at l <gilles.demarty at gmail.com>
ists.interactiond cc
esigners.com discuss at ixda.org
Subject
Re: [IxDA Discuss] email address as
10/27/2006 08:48 username
AM

[Please voluntarily trim replies to include only relevant quoted material.]

I absolutely agree with Giles on this. If you want to ensure security
make sure the passwords are strong.

-----------------------------------------
CONFIDENTIALITY STATEMENT:
This e-mail transmission contains information that is intended to
be confidential. It is intended only for the addressee named
above. If you receive this e-mail in error, please do not read,
copy, or disseminate it. If you are not the intended recipient,
any disclosure, copying, distribution or use of the contents of
this information is prohibited. Please reply to the message
immediately by informing the sender that the message was
misdirected. After replying, please erase it from your computer
system. Your assistance in correcting this error is appreciated.

27 Oct 2006 - 8:14am
Soo Basu
2005

There's a related newsletter from Human Factors

http://humanfactors.com/downloads/jun04.asp

May be useful.
Cheers,
S

27 Oct 2006 - 10:13am
Josh
2006

I prefer email addresses over usernames as login ID's because they are
unique, easier to remember, and given a valid email address, give the
organization a way to stay in frequent contact with the user. Although it is
true that more than one user can have access to an account, access to an
email account is considered to be under the user's domain of influence.

Assuming that a user is likely to have 1 or 2 frequently used email
addresses, consider the scenario where a user has joined multiple sites with
each site requiring a unique username/login ID with it's own min/max
character requirements. In this case which would be a bigger barrier to
entry when the user is signing up or if the user has not visited the site in
weeks/months?

Unique usernames as login ID's don't scale well once "all of the good names
are taken". If a user is signing up and sees that his name is taken, can you
be certain that the user will continue entering variations of their username
until they find one that is unique?

Regarding security issues: This may sound a little callous, but what is
really at risk if the account is hacked/hijacked? I worked for a company
with a group of sites with membership estimated around 10million registered
users, and security of account information using email addresses as login
ID's was not a problem (Meaning it NEVER came up in the call center or
email). The bigger problems were getting users to join in the first place
and keeping them active on the sites.

Josh Viney
EastMedia Group

27 Oct 2006 - 10:37am
Jupiter Barton
2006

The guaranteed unique username brings an added bonus. It eliminates people
creating additional usernames when they can't remember if they previously
created one or they have forgotten what it was. Essentially you will
reduce two things -
1. Number of dead usernames
2. Amount of wasted server space resulting from abandoned accounts.

It can add up over time if you have lots of users that do not log in
frequently.

On 10/27 "Peter Bagnall" <pete at surfaceeffect.com> wrote:

> And to add another advantage with usernames being email addresses,
> you're guaranteed that the email addresses are unique. It's not
> uncommon to try to create a username that is some version of your
> name only to find someone else has beaten you to it. In that case you
> have to use a variant, and that's something you can easily forget.
> Email addresses are less likely to be forgotten, although there is a
> potential problem if people change their email addresses - but even
> then they are more likely to remember their old ones than to remember
> an obscure username.
>
>

Jupiter Barton
http://www.jupiterbarton.com

27 Oct 2006 - 11:12am
Becubed
2004

I believe that sites should not *require* an email address as the
userID. It's common for some folks to have multiple addresses (which
did I use?) and for addresses to change (hmm, what *was* that
address..?). In some recent usability tests, I've observed
participants complaining about the registration/signin process for
these two reasons.

Sites should accept anything as a userID, with very few restrictions.
If I want to use an email address -- hey, no problem! If I want to
use my first name or even my DNA sequence -- hey, no problem! The
purpose of the userID is simply to identify, not to authenticate, as
someone mentioned in an earlier post. Security belongs in the
password, IMHO.

It's the *requiring* an email address that I disagree with. If you
want that info so you can stay in touch with people, then ask them
for the address separately.

--
Robert Barlow-Busch
Practice Director, Interaction Design
Quarry Integrated Communications Inc.
rbarlowbusch at quarry.com
(519) 570-2020

This e-mail message (including any attachments) is intended only for
the use of the individual to whom it is addressed and may contain
information that is privileged, proprietary, confidential or subject
to copyright. If you are not the intended recipient, you are
notified that any use, dissemination, distribution or reproduction of
this communication is strictly prohibited. If you have received this
communication in error, please notify the sender and delete this e-
mail message immediately.

27 Oct 2006 - 6:50pm
Peter Trudelle
2004

I agree that requiring email addresses for userIDs, and especially
overloading their use as the primary means of contact, is a very bad
practice, for the reasons you cite, plus:

1. There is a significant security problem with using the email
address as username and overloaded contact info, in that a user
may gain access to accounts used by the previous holder of that
email address. Most of the email addresses I've had over the
years are no longer under my control; any/all of them could have
been re-used by others. If any of those people went to a site I
used, which required it as both username and contact, they could
trivially claim to have forgotten their password, and the site
would cheerfully email my password to them. Asking canned
questions like where I was born or my mother's maiden name adds no
security, as most such answers are either publicly available or
easily guessed.
2. Sites that require the username to be an email address do make it
easier to crack a user's login credentials, since email addresses
are much more public information, which can easily be harvested.
Allowing arbitrary strings as the username can make it as hard to
crack as the password.
3. Such sites typically do not provide for changing the username when
an email address changes, or migrating the account information, so
that the account must be closed or abandoned and a new one
started. You might as well start a new account with a competitor
who does not seek to save themselves development time/effort at
your expense.

Peter

Robert Barlow-Busch wrote:
> [Please voluntarily trim replies to include only relevant quoted material.]
>
> I believe that sites should not *require* an email address as the
> userID.

28 Oct 2006 - 11:13am
Cwodtke
2004

5 reasons not to use email for login

http://blog.publicsquarehq.com/view/5_reasons_not_t

Sunandini Basu wrote:
> [Please voluntarily trim replies to include only relevant quoted material.]
>
> Hi
> I'm reviewing a web based blogging service. Currently on sign up, the
> user has to enter a username, a display name and an email address. I
> suggest that that username be replaced by the user's email address.
> (from any email, say yahoo, gmail, hotmail, rediffmail, etc)
> How would this impact the security of the product? Is there any
> drawback in using an email address as the username?
> Cheers,
> S
>
>

--
Christina Wodtke
Principal Instigator

Magazine :: http://www.boxesandarrows.com
Business :: http://www.publicsquarehq.com
Personal :: http://www.eleganthack.com
Book :: http://www.blueprintsfortheweb.com

cwodtke at eleganthack.com

28 Oct 2006 - 11:58am
Jed Wood
2005

Lars makes some good points in that post. However, of those 5
reasons, 1-3 all cite "they'll forget" as the primary issue.
Remembering the username and auto-populating can remedy this in many
cases. #4 has already been pointed out as not scaling very well, and
I know I'm surprised at how often my usual username is taken, even
though it seems quite unique. #5 seems beneficial only in social,
"fun" applications. I don't feel warm fuzzies when using
"RockStar137" to sign-in to my car loan account.

-Jed

On Oct 28, 2006, at 12:13 PM, Christina Wodtke wrote:

> [Please voluntarily trim replies to include only relevant quoted
> material.]
>
>
> 5 reasons not to use email for login
>
> http://blog.publicsquarehq.com/view/5_reasons_not_t
>
> Sunandini Basu wrote:
>> [Please voluntarily trim replies to include only relevant quoted
>> material.]
>>
>> Hi
>> I'm reviewing a web based blogging service. Currently on sign up, the
>> user has to enter a username, a display name and an email address. I
>> suggest that that username be replaced by the user's email address.
>> (from any email, say yahoo, gmail, hotmail, rediffmail, etc)
>> How would this impact the security of the product? Is there any
>> drawback in using an email address as the username?
>> Cheers,
>> S
>>
>>
>
> --
> Christina Wodtke
> Principal Instigator
>
> Magazine :: http://www.boxesandarrows.com
> Business :: http://www.publicsquarehq.com
> Personal :: http://www.eleganthack.com
> Book :: http://www.blueprintsfortheweb.com
>
> cwodtke at eleganthack.com
>
> ________________________________________________________________
> Welcome to the Interaction Design Association (IxDA)!
> To post to this list ....... discuss at ixda.org
> List Guidelines ............ http://listguide.ixda.org/
> List Help .................. http://listhelp.ixda.org/
> (Un)Subscription Options ... http://subscription-options.ixda.org/
> Announcements List ......... http://subscribe-announce.ixda.org/
> Questions .................. lists at ixda.org
> Home ....................... http://ixda.org/
> Resource Library ........... http://resources.ixda.org
>

28 Oct 2006 - 4:25pm
jbellis
2005

Christina,
Can I ask which if any of these 5 items has merit for you personally as a
reason to dislike emails, either as a site owner or user?

I'll state in advance that I think that these 5 are excuses, rather than
good reasons but I don't want to make a shotgun response to them. (It is a
separate, and of course quite valid, matter if site owners use emails to
subsequently spam registrants.) I suspect that there's a hidden agenda here
related to anonymity, but first things first.

-Jack
----- Original Message -----
From: "Christina Wodtke" <cwodtke at eleganthack.com>
Cc: <discuss at ixda.org>
Sent: Saturday, October 28, 2006 12:13 PM
Subject: Re: [IxDA Discuss] email address as username

> [Please voluntarily trim replies to include only relevant quoted
material.]
>
>
> 5 reasons not to use email for login
>
> http://blog.publicsquarehq.com/view/5_reasons_not_t
>
> Sunandini Basu wrote:
> > [Please voluntarily trim replies to include only relevant quoted
material.]
> >
> > Hi
> > I'm reviewing a web based blogging service. Currently on sign up, the
> > user has to enter a username, a display name and an email address. I
> > suggest that that username be replaced by the user's email address.
> > (from any email, say yahoo, gmail, hotmail, rediffmail, etc)
> > How would this impact the security of the product? Is there any
> > drawback in using an email address as the username?
> > Cheers,
> > S
> >
> >
>
> --
> Christina Wodtke
> Principal Instigator
>
> Magazine :: http://www.boxesandarrows.com
> Business :: http://www.publicsquarehq.com
> Personal :: http://www.eleganthack.com
> Book :: http://www.blueprintsfortheweb.com
>
> cwodtke at eleganthack.com
>
> ________________________________________________________________
> Welcome to the Interaction Design Association (IxDA)!
> To post to this list ....... discuss at ixda.org
> List Guidelines ............ http://listguide.ixda.org/
> List Help .................. http://listhelp.ixda.org/
> (Un)Subscription Options ... http://subscription-options.ixda.org/
> Announcements List ......... http://subscribe-announce.ixda.org/
> Questions .................. lists at ixda.org
> Home ....................... http://ixda.org/
> Resource Library ........... http://resources.ixda.org
>

28 Oct 2006 - 11:03pm
Navneet Nair
2004

> 5 reasons not to use email for login
>
> http://blog.publicsquarehq.com/view/5_reasons_not_t
>

It does seem that each of the reasons cited by Lars against using
emails can equally be used against usernames.

1. People have more than one usernames, how can you remember which one
you have used for this site?
2. Validating emails is an important part of most registration
processes (whether you use emails or usernames for authentication is
irrelevant)
3. People change emails, so just give them the opportunity to change
the email address they use to log in; what is the big deal there?
4. I believe a user name has more constraints, as Jed points out,
availability of your usual username is so difficult in most cases,
especially if you have a very common name.
5. Display names are different from the email address which is used to
validate the identity. The display name can be common for users who
all wish to be called RockStar###. We have ways in the real world to
differentiate between people who have the same first name and last
name, a well designed social application should also have the same
affordances built in, and relying on a unique username is a lame
workaround to bad design.

Overall there are just my opinions, and I'm sure going by the
'excuses' put forward, Lars has not validated his claims either. Is
there any data available from studies on this?

Regards
Navneet

----------------------------------------------------
Navneet Nair
Interaction Architect
onClipEvent: form follows function();
----------------------------------------------------
Website: http://www.onclipevent.com
Blog: http://www.onclipevent.com/enterframe/

29 Oct 2006 - 9:33am
Michael Micheletti
2006

Agree with #3 very much. Not long ago I went through considerable trouble to
change my email address for a number of websites. Some of the processes were
insane - I can't remember how many different confirmatory emails to both old
and new addresses came my way from paypal. There were a couple of sites that
I was just not clever enough to succeed at changing my address on. I
recommend that other IxD folks try this exercise sometime as an object
lesson in how not to design processes. As if we needed any more "how not to"
lessons :-)

Michael Micheletti

On 10/27/06, Peter Trudelle <peter at trudelle.com> wrote:
>
> [Please voluntarily trim replies to include only relevant quoted
> material.]
>
> I agree that requiring email addresses for userIDs, and especially
> overloading their use as the primary means of contact, is a very bad
> practice, for the reasons you cite, plus:
> ...
> 3. Such sites typically do not provide for changing the username when
> an email address changes, or migrating the account information, so
> that the account must be closed or abandoned and a new one
> started. You might as well start a new account with a competitor
> who does not seek to save themselves development time/effort at
> your expense.
>
> Peter
>

29 Oct 2006 - 12:09pm
Joshua Gross
2006

As a researcher in hard cognitive aspects of HCI, I have to agree
with each point Navneet makes. In particular, I've been collecting
data on recall of usernames, and found a few interesting items:
1. Users tend to have one email address that they use for logging in
to sites
2. Users prefer to use an email address
2a. The primary reason for the preference is recall, and a guarantee
that they can use their preferred username (no one can have taken it
already)
3. Users show significantly higher recall for usernames that are
email addresses under two situations
3a. When prompted to enter their email address as their username to
login, nearly all users recall correctly
3b. When prompted to enter their username without the phrase "email
address" is not used, significantly more recall their username if it
is a email than if it is an arbitrary string - obviously, if they
can't have their preferred username, recall goes down, while if they
can have their preferred username, recall goes up

As you probably know, users tend to reuse passwords, which is a
security issue, but interestingly enough, survey data has shown that
users have more different usernames than they have passwords!

Right now, I'm working on validating these findings, so take them cum
granum salis, but in-lab validation is only so important.

Lars makes interesting points, but again, each is addressed quite
completely by Navneet.

-Josh

> Message: 5
> Date: Sun, 29 Oct 2006 09:33:37 +0530
> From: "Navneet Nair" <navneet.nair at gmail.com>
> Subject: Re: [IxDA Discuss] email address as username
> To: discuss at ixda.org
> It does seem that each of the reasons cited by Lars against using
> emails can equally be used against usernames.
>
> 1. People have more than one usernames, how can you remember which one
> you have used for this site?

29 Oct 2006 - 12:58pm
Cwodtke
2004

What I feel personally isn't really interesting; what Lars and I have
seen professionally is more useful. This article came out of our work
developing PublicSquare, a collaborative publishing platform.

First of all I should say this is highly contextual. Obviously choices
involved with a bank site is different than say, America's Test Kitchen,
where you sign in with your email only and no password (because you sign
up for the newsletter to get access... if you sign up with many emails,
or get it wrong, you get three or four copies of the newsletter; mildly
annoying but not as annoying as not being able to get to the apple pie
recipe when company is coming over.)

1) People have more than one email
we ran into this problem quite a bit when we migrated B&A from
Movabletype to PS. Because we have a reputation system, it was fairly
important to us that one person=one user.

2) Fake emails: you really can't recall a fake email, or you use the
same one (me at me.com) as other people, thus slowing log in/registration.
Do you know how many people's passwords are *still* 1234?

3) People change emails. This is deadly if you have forgotten your
password. Network Solutions is holding my domain name hostage, because I
am no longer at the email they have on record, and they want me to fax a
passport and a bill and other stuff to prove I'm me. Now it depends what
else you do with it... if you have a username, you can have a security
question and display the password rather than email it. regarding
multiple emails and changed emails, I find myself sometimes thinking,
when did I join this site? Was I at Hot, or at Carbon IQ then?

4) Fewer Constraints. I have a username I use for everywhere that isn't
consequential. I can immediately log onto those sites 4, 5, 6 years
later. Not so with email.

5) Personality. (he might also have said privacy)... howard
3498 at hotmail.com just doesn't have the same ring as Lucius_the_great.
Nor is it as easy to email.

Now this list is highly contextual. It assumes a bunch of things that
may not be applicable to some problems. But for our content site, with
a reputation, and no money transactions associated with log in, this
system works well so far.

Please feel free to leave him comments; we are always seeking to improve
our designs.

jackbellis wrote:
> [Please voluntarily trim replies to include only relevant quoted material.]
>
> Christina,
> Can I ask which if any of these 5 items has merit for you personally as a
> reason to dislike emails, either as a site owner or user?
>
> I'll state in advance that I think that these 5 are excuses, rather than
> good reasons but I don't want to make a shotgun response to them. (It is a
> separate, and of course quite valid, matter if site owners use emails to
> subsequently spam registrants.) I suspect that there's a hidden agenda here
> related to anonymity, but first things first.
>
> -Jack
> ----- Original Message -----
> From: "Christina Wodtke" <cwodtke at eleganthack.com>
> Cc: <discuss at ixda.org>
> Sent: Saturday, October 28, 2006 12:13 PM
> Subject: Re: [IxDA Discuss] email address as username
>
>
>
>> [Please voluntarily trim replies to include only relevant quoted
>>
> material.]
>
>> 5 reasons not to use email for login
>>
>> http://blog.publicsquarehq.com/view/5_reasons_not_t
>>
>> Sunandini Basu wrote:
>>
>>> [Please voluntarily trim replies to include only relevant quoted
>>>
> material.]
>
>>> Hi
>>> I'm reviewing a web based blogging service. Currently on sign up, the
>>> user has to enter a username, a display name and an email address. I
>>> suggest that that username be replaced by the user's email address.
>>> (from any email, say yahoo, gmail, hotmail, rediffmail, etc)
>>> How would this impact the security of the product? Is there any
>>> drawback in using an email address as the username?
>>> Cheers,
>>> S
>>>
>>>
>>>
>> --
>> Christina Wodtke
>> Principal Instigator
>>
>> Magazine :: http://www.boxesandarrows.com
>> Business :: http://www.publicsquarehq.com
>> Personal :: http://www.eleganthack.com
>> Book :: http://www.blueprintsfortheweb.com
>>
>> cwodtke at eleganthack.com
>>
>> ________________________________________________________________
>> Welcome to the Interaction Design Association (IxDA)!
>> To post to this list ....... discuss at ixda.org
>> List Guidelines ............ http://listguide.ixda.org/
>> List Help .................. http://listhelp.ixda.org/
>> (Un)Subscription Options ... http://subscription-options.ixda.org/
>> Announcements List ......... http://subscribe-announce.ixda.org/
>> Questions .................. lists at ixda.org
>> Home ....................... http://ixda.org/
>> Resource Library ........... http://resources.ixda.org
>>
>>
>
> ________________________________________________________________
> Welcome to the Interaction Design Association (IxDA)!
> To post to this list ....... discuss at ixda.org
> List Guidelines ............ http://listguide.ixda.org/
> List Help .................. http://listhelp.ixda.org/
> (Un)Subscription Options ... http://subscription-options.ixda.org/
> Announcements List ......... http://subscribe-announce.ixda.org/
> Questions .................. lists at ixda.org
> Home ....................... http://ixda.org/
> Resource Library ........... http://resources.ixda.org
>

--
Christina Wodtke
Principal Instigator

Magazine :: http://www.boxesandarrows.com
Business :: http://www.publicsquarehq.com
Personal :: http://www.eleganthack.com
Book :: http://www.blueprintsfortheweb.com

cwodtke at eleganthack.com

29 Oct 2006 - 1:09pm
Dave Malouf
2005

I have some experience using email addresses as well as log-ins.

I completely agree with Christina that e-mail addresses are problematic.
One problem she didn't mention is that there are often many aliases for the
same inbox and people never are sure which one they used when.
Is it dmalouf@, or david.malouf@ or david_malouf@ or even davidmalouf@?

But I do have to say we need to some up with something better than this 2
token system. It really isn't working b/c there are just a many problems of
using a "screen" name for a login as there is using an e-mail address.

Everyplace has different rules and different contexts that drive me to use
differen screennames. And let's not forget when one is taken you have to
edit yours.

THEN!!!! There are all the different password rules. I think Christina's
1234 is a great example of where people just don't care, understand why, or
are smart enough (uh? Educated enough) to deal with this 2 token system
sanely.

I mean how many people have a .txt or .xls file on their hard drive, or
worse a piece of paper listing all their ids and passwords.

It's just yucky!

-- dave

29 Oct 2006 - 5:36pm
Peter Trudelle
2004

The problem is not the use of email addresses as username. That can
hopefully always be done. The problem is in requiring it to be not only
*an* email address, but *your valid address*, and overloading it as the
primary means of contact, even though it can be lost with little or no
notice. If all you're looking for are the benefits of using an email
address as a unique identifier, why not just suggest that users enter
their email address, and accept it as their username?

Peter

Navneet Nair wrote:
> It does seem that each of the reasons cited by Lars against using
> emails can equally be used against usernames.

29 Oct 2006 - 6:14pm
jbellis
2005

Michael,
It looks like there are substantial arguments on both sides (with context
certainly being king), but on the particular issue you cited, are you saying
that email addresses are a poor choice because the functionality to support
them is almost always incomplete?

Isn't the remedy to finish the code? (This must be just another occurence of
the "unique identifier" problem. Even though the email address is used to
establish unique identification, the system must generate a serial
[database] number as the persistent, unique identifier. Then the email can
be reassigned. Fifty years of programming and people still won't finish the
code.)

-Jack
----- Original Message -----
From: "Michael Micheletti" <michael.micheletti at gmail.com>
To: "Peter Trudelle" <peter at trudelle.com>
Cc: "ixda" <discuss at ixda.org>
Sent: Sunday, October 29, 2006 9:33 AM
Subject: Re: [IxDA Discuss] email address as username

> [Please voluntarily trim replies to include only relevant quoted
> material.]
>
> Agree with #3 very much. Not long ago I went through considerable trouble
> to
> change my email address for a number of websites. Some of the processes
> were
> insane - I can't remember how many different confirmatory emails to both
> old
> and new addresses came my way from paypal. There were a couple of sites
> that
> I was just not clever enough to succeed at changing my address on. I
> recommend that other IxD folks try this exercise sometime as an object
> lesson in how not to design processes. As if we needed any more "how not
> to"
> lessons :-)
>
> Michael Micheletti
>
>
> On 10/27/06, Peter Trudelle <peter at trudelle.com> wrote:
>>
>> [Please voluntarily trim replies to include only relevant quoted
>> material.]
>>
>> I agree that requiring email addresses for userIDs, and especially
>> overloading their use as the primary means of contact, is a very bad
>> practice, for the reasons you cite, plus:
>> ...
>> 3. Such sites typically do not provide for changing the username when
>> an email address changes, or migrating the account information, so
>> that the account must be closed or abandoned and a new one
>> started. You might as well start a new account with a competitor
>> who does not seek to save themselves development time/effort at
>> your expense.
>>
>> Peter
>>
> ________________________________________________________________
> Welcome to the Interaction Design Association (IxDA)!
> To post to this list ....... discuss at ixda.org
> List Guidelines ............ http://listguide.ixda.org/
> List Help .................. http://listhelp.ixda.org/
> (Un)Subscription Options ... http://subscription-options.ixda.org/
> Announcements List ......... http://subscribe-announce.ixda.org/
> Questions .................. lists at ixda.org
> Home ....................... http://ixda.org/
> Resource Library ........... http://resources.ixda.org
>

31 Oct 2006 - 4:48pm
jbellis
2005

Christina,

I can see that some users have the "multiplicity" problem with email
addresses and others have it with arbitrary names, and that determines which
system one thinks is more flawed, irrespective of the anecdotal research.
Perhaps if we were all told years ago to come up with bizarre usernames the
problem wouldn't exist.

I suspect that Robert's suggestion of making email addresses optional is
heading us in the right direction, and if so, there might only be a couple
of additional functional requirements to iron out. For instance, someone
shouldn't be able to succeed in using an email address that belongs to
another person. (This requires a verification bounce email, if that's the
right term, if the login name is a viable email address.) The other
requirement would seem to be disconnecting the login name from the internal,
unique identifier, so users could change it even if they used an email
address.

Does Robert's suggestion work for you?
Will PublicSquare allow @ and . in its login/user names, or is the
question inapplicable?

-Jack

>>>>Robert Barlow-Busch:
I believe that sites should not *require* an email address as the
userID. It's common for some folks to have multiple addresses (which
...
--

Syndicate content Get the feed