ID vs email address

29 Jan 2009 - 4:00am
5 years ago
15 replies
22462 reads
Yohan Creemers
2008

The email address as user id is becoming the preferred way in my
opinion.

Pros:
an email address is unique;
an email address is easy to remember;
in many cases the system requires the email address also for sending
messages.

Cons:
still not everyone has an email address;
an email address may change over time.

Did you consider OpenID?
http://openid.net/

- Yohan

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Posted from the new ixda.org
http://www.ixda.org/discuss?post=37879

Comments

29 Jan 2009 - 4:30am
Gavin Bell
2009

Hi all

The primary advantage of not using email address as the sole unique
key is that it allows for someone to have multiple email addresses
associated with their identity. This is a lot more common than you
might expect. Many sites now allow for multiple email addresses to be
associated with a person, eg linkedin and yahoo. Typically one email
address is primary and used for communication between the site and
individual.

Another benefit, it enables discovery of a person by friends and work
colleagues.
eg
joe at gmail.com
joe.smith at company.com
j.smith at previous.com

All three of these are valid identifiers for Joe, but some people will
know him as a friend, some as a work colleague and some from his
previous employer.

The downside is that a screen name is often required to represent the
person on the site, eg zzgavin, my handle on twitter (http://twitter.com/zzgavin
is a manifestation of it) represents me instead of my email address,
giving me privacy and avoiding spambots, but at the expense of another
identifier to remember.

Identity representation is best done via a screen name

identity validation (login) can be either primary email or screen
name, allow both as an access mechanism. Screen name maps to a unique
email address, one that has been verified and is primary. The email
address maps to a unique internal ID which gives the means of logging
in.

OpenID is a useful approach too, but the screen name arguments apply
too, as you often need a unique handle to refer to people with. Also
many people don't think they have an OpenID, so you will need to
support email anyway.

We've been looking at this a lot recently at work (nature.com)
thanks
Gavin

On 29 Jan 2009, at 03:35, Mark Johnston wrote:

> Would love to hear peoples thoughts on the whole ID vs Email address
> for registration or signing into a website. We have been debating
> and discussing things for a good while at work to come up with the
> most accepted/usable low barrier to entry system that we can
> conceive for our customers to interact with us.
>
> Unfortunately when looking around it is pretty much a 50/50 with
> what the rest of the web are doing. Has anybody done any research or
> have opinions for the pros and cons for each device? It really is a
> sticking point for a lot of people in the business right now with
> everybody having their preferred method.
>
> Mark Johnston

29 Jan 2009 - 6:31am
Anonymous

I think use the email address as the user id is a better way.
pros:
people often forget their different ids for different websites,but no
one forgets his or her email address;
sometimes,people can not use some ids they want because somebody has
registered them before;
email addresses are often used to keep the ids safe;
cons:
some people don't like too many emails with their id information
sent by different websites;
some people don't check their emails frequently.

All the best!

Angela

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Posted from the new ixda.org
http://www.ixda.org/discuss?post=37879

29 Jan 2009 - 12:44pm
Jeff Howard
2004

Hi Mark,

There's an extensive discussion on this topic in the IxDA archives:

Email address as username
http://www.ixda.org/discuss.php?post=12228

// jeff

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Posted from the new ixda.org
http://www.ixda.org/discuss?post=37879

29 Jan 2009 - 8:39pm
Joshua Porter
2007

Randy Farmer discusses a solution called the Tripartite Identity,
which discusses these issues in-depth:

http://thefarmers.org/Habitat/2008/10/the_tripartite_identity_patter_1.html

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Posted from the new ixda.org
http://www.ixda.org/discuss?post=37879

29 Jan 2009 - 6:57pm
Daniel Stern
2009

There is no question that a user should be able to sign into a website
account using any of the emails associated with their account, AND the
username they have created for the site. For interaction on the site,
it is better to identify the user by their username (as opposed to
email)... but when it comes to signing in, either should work.

I also now recommend, in addition to OpenID which has been mentioned
here a couple of times, considering using Facebook Connect. It is not
only an easy and convenient way to sign in, but it also allows the
user to broadcast interaction on your site, back to their facebook
newsfeed.... now you are getting free advertising to that users
relevant social group. Secondly, integrating Facebook Connect also
allows you to see that users Facebook profile information, and the
information of their friends... you can only store it for a day (I
think), but you can create experiences that are highly tailored to
the individual user because you know so much about them.

I strongly advise looking into it... it is one of the most powerful
advances in SSID and the social graph that we have seen to date.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Posted from the new ixda.org
http://www.ixda.org/discuss?post=37879

29 Jan 2009 - 3:28pm
Anonymous

What kind of a site is it? The security you need to have should be a
primary driver in this one. An email address is EASILY phishable.
If I know your (or any) email address, I am half way into your
account. I am just one weak password away from your details.

Also, what is the user opinion on HAVING to supply you with an email
address? I wouldnt cough mine up easily, but I would easily cough up
my handle.

If your site 100% relies on needing an email address, and your site
does not have a lot of security concerns, then use it. Why not.
Otherwise, consider a handle instead.

Chris

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Posted from the new ixda.org
http://www.ixda.org/discuss?post=37879

30 Jan 2009 - 7:12pm
usabilitymedic
2008

I have not done any work or research in this area but based on
personal experience, I agree with Yohan for precisely the same three
reasons.

I'll also add the following for your consideration:

Despite being someone who has multiple email addresses, I would still
have an easier time figuring out which one of them to use versus
trying to remember which user ID to use (from the multitude of
variations that I have had to craft over the years based on the
different requirements each website has imposed).

As for email addresses changing...yep it's a drawback Am currently
noodling ideas for the best way to manage this on my end. Didn't think
about what sites could do to help.

First thing that comes to mind is something I've seen a few
times...providing for an alternate email address as backup. Still has
similar issues but it's a start.

Sent from my iPhon

On Jan 29, 2009, at 1:00 AM, Yohan Creemers <yohan at ylab.nl> wrote:

> The email address as user id is becoming the preferred way in my
> opinion.
>
> Pros:
> an email address is unique;
> an email address is easy to remember;
> in many cases the system requires the email address also for sending
> messages.
>
> Cons:
> still not everyone has an email address;
> an email address may change over time.
>
> Did you consider OpenID?
> http://openid.net/
>
> - Yohan
>
>
>
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> Posted from the new ixda.org
> http://www.ixda.org/discuss?post=37879
>
>
> ________________________________________________________________
> Welcome to the Interaction Design Association (IxDA)!
> To post to this list ....... discuss at ixda.org
> Unsubscribe ................ http://www.ixda.org/unsubscribe
> List Guidelines ............ http://www.ixda.org/guidelines
> List Help .................. http://www.ixda.org/help

1 Feb 2009 - 12:41pm
Amy Silvers
2007

I appreciate this discussion, as I'm currently working on a variation
of this issue: transitioning users from usernames to email addresses
as their logins and identifiers on a site. It's being triggered by a
change to a new platform, and unfortunately, it won't be an optional
change, so I'm trying to find the best ways to mitigate the pain. My
guess is that many users will actually welcome the shift rather than
resenting it, because it seems to be increasingly common practice to
use email address as login, but we've got a user base with a
relatively low comfort level with technology and a history of
resistance to change, so it's going to be a challenge.

On the issue of email addresses changing, I wonder if this is becoming
less of a problem as more and more people use Gmail. I know I no
longer use the email address provided by my ISP for almost anything,
preferring to use my Gmail addresses for most of my online presence,
in part for the exact reason that it doesn't change even if I move,
switch ISPs, etc. And though I'm not really a typical user, my sense
is that a lot of "ordinary" users are doing this too. I have no
statistical evidence to back up that assumption, though, just
anecdotal experience.

2009/1/30 USABILITY MEDIC <medic at usabilitymedic.com>:
> I have not done any work or research in this area but based on personal
> experience, I agree with Yohan for precisely the same three reasons.
>
> I'll also add the following for your consideration:
>
> Despite being someone who has multiple email addresses, I would still have
> an easier time figuring out which one of them to use versus trying to
> remember which user ID to use (from the multitude of variations that I have
> had to craft over the years based on the different requirements each website
> has imposed).
>
> As for email addresses changing...yep it's a drawback Am currently noodling
> ideas for the best way to manage this on my end. Didn't think about what
> sites could do to help.
>
> First thing that comes to mind is something I've seen a few
> times...providing for an alternate email address as backup. Still has
> similar issues but it's a start.
>
>
> Sent from my iPhon
>
> On Jan 29, 2009, at 1:00 AM, Yohan Creemers <yohan at ylab.nl> wrote:
>
>> The email address as user id is becoming the preferred way in my
>> opinion.
>>
>> Pros:
>> an email address is unique;
>> an email address is easy to remember;
>> in many cases the system requires the email address also for sending
>> messages.
>>
>> Cons:
>> still not everyone has an email address;
>> an email address may change over time.
>>
>> Did you consider OpenID?
>> http://openid.net/
>>
>> - Yohan
>>
>>
>>
>> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>> Posted from the new ixda.org
>> http://www.ixda.org/discuss?post=37879
>>
>>
>> ________________________________________________________________
>> Welcome to the Interaction Design Association (IxDA)!
>> To post to this list ....... discuss at ixda.org
>> Unsubscribe ................ http://www.ixda.org/unsubscribe
>> List Guidelines ............ http://www.ixda.org/guidelines
>> List Help .................. http://www.ixda.org/help
>
> ________________________________________________________________
> Welcome to the Interaction Design Association (IxDA)!
> To post to this list ....... discuss at ixda.org
> Unsubscribe ................ http://www.ixda.org/unsubscribe
> List Guidelines ............ http://www.ixda.org/guidelines
> List Help .................. http://www.ixda.org/help
>

1 Feb 2009 - 3:18pm
Jared M. Spool
2003

On Feb 1, 2009, at 9:41 AM, Amy Silvers wrote:

> On the issue of email addresses changing, I wonder if this is becoming
> less of a problem as more and more people use Gmail.

In our research, we've seen free email, such as Gmail and Yahoo! mail
increase the problem for many people.

They end up now with one or more free email accounts, an ISP account
(which may have changed domains due to mergers and acquisitions, such
as roadrunner.com -> ATTbi.com -> ATT.com), and work email accounts.

The big problem isn't for frequently used sites. Those most users can
usually remember since last use.

It's for sites they use infrequently, such as an e-commerce site they
only use around the holidays. The problem become remember which email
address you signed up under. That's where we see a lot of abandonment
issues.

That's my $0.02.

Jared

Jared M. Spool
User Interface Engineering
510 Turnpike St., Suite 102, North Andover, MA 01845
e: jspool at uie.com p: +1 978 327 5561
http://uie.com Blog: http://uie.com/brainsparks Twitter: jmspool
UIE Web App Summit, 4/19-4/22: http://webappsummit.com

1 Feb 2009 - 3:55pm
Amy Silvers
2007

Interesting. So the "disposable" email address also appears less
likely to be memorable.

2009/2/1 Jared Spool <jspool at uie.com>:
>
> On Feb 1, 2009, at 9:41 AM, Amy Silvers wrote:
>
>> On the issue of email addresses changing, I wonder if this is becoming
>> less of a problem as more and more people use Gmail.
>
> In our research, we've seen free email, such as Gmail and Yahoo! mail
> increase the problem for many people.
>
> They end up now with one or more free email accounts, an ISP account (which
> may have changed domains due to mergers and acquisitions, such as
> roadrunner.com -> ATTbi.com -> ATT.com), and work email accounts.
>
> The big problem isn't for frequently used sites. Those most users can
> usually remember since last use.
>
> It's for sites they use infrequently, such as an e-commerce site they only
> use around the holidays. The problem become remember which email address you
> signed up under. That's where we see a lot of abandonment issues.
>
> That's my $0.02.
>
> Jared
>
> Jared M. Spool
> User Interface Engineering
> 510 Turnpike St., Suite 102, North Andover, MA 01845
> e: jspool at uie.com p: +1 978 327 5561
> http://uie.com Blog: http://uie.com/brainsparks Twitter: jmspool
> UIE Web App Summit, 4/19-4/22: http://webappsummit.com
>

1 Feb 2009 - 5:27pm
DampeS8N
2008

I had an idea for reducing abandonment. It is normally pretty easy to
detect a collision between an old account and a new one. They will
have much of the same personal info associated with it, if your site
collects that info. So, if two William Bralls from the same city and
state show up, you could offer on creation a list (hopefully a
single) of accounts that seem to be that person based on collected
data.

Then you allow that person to pick from a selection of options, say:

That's ME! Remind me how to log into it!
That WAS me, let's delete the account!
That is me, and I want to keep both!
That isn't me...

Possibly others. So long as they mirror existing systems for
recovering passwords and accounts. Most sites have a 'send you your
password/login' system. That could be used to send the other account
their login info, assuming the account creation process has provided
the same level of knowledge about the old account by accident as the
password recovery system requires through choice. (Such as entering
the e-mail address associated with the account, or the username, or
both)

This could be taken to any extreme imaginable. So long as the hinge
is the old account, and the new account is destroyed when the user
logs back into the old account.

That account is also alerted that this has happened, in case it was
an attempt to gain access. But it would be just as secure as your
existing system was.

------

I find it is much more of a drag to have to remember a password than
it is to remember a handle. Most people fall into using something
regular. This e-mail and this handle with these additions if it is
taken.

The password tends to be the big one, especially with any kind of
'stay signed in' option.

I could figure out how to long into amazon if I lost my cookie... But
that password is from at least half a decade ago, I don't know what
it would be. I would have to guess.

More-over, I find most passwords that lock you out after so many
attempts have a crazy low number for when to lock out. The only
reason I can think of to do this is so someone who knows the user has
a better chance of guessing the password.. However, I see it used
mostly in situations where the user has had to jump through a million
hoops to make that password, rendering it very hard to guess.

Unless the rules are so strict that the user uses the same password
with 0 to 9 after it... In which case the hacker gets 3 chances. So
you now have a password with, under the right conditions, about a 1
in 3 chance of being broken... Lovely.

Why set this to 3 guesses? Why not 10?

I much rather worry about this problem then e-mail/login... which has
an obvious solution. Let the user pick which to use when they sign on.
Gives them double the chance to manage to log in...

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Posted from the new ixda.org
http://www.ixda.org/discuss?post=37879

2 Feb 2009 - 12:34am
Jared M. Spool
2003

The problem isn't remembering the email address. The problem is
remembering *which* of the 3+ email addresses goes with whatever
number of standard passwords. It becomes a combinatorial issue.

Jared

On Feb 1, 2009, at 12:55 PM, Amy Silvers wrote:

> Interesting. So the "disposable" email address also appears less
> likely to be memorable.
>
> 2009/2/1 Jared Spool <jspool at uie.com>:
>>
>> On Feb 1, 2009, at 9:41 AM, Amy Silvers wrote:
>>
>>> On the issue of email addresses changing, I wonder if this is
>>> becoming
>>> less of a problem as more and more people use Gmail.
>>
>> In our research, we've seen free email, such as Gmail and Yahoo! mail
>> increase the problem for many people.
>>
>> They end up now with one or more free email accounts, an ISP
>> account (which
>> may have changed domains due to mergers and acquisitions, such as
>> roadrunner.com -> ATTbi.com -> ATT.com), and work email accounts.
>>
>> The big problem isn't for frequently used sites. Those most users can
>> usually remember since last use.
>>
>> It's for sites they use infrequently, such as an e-commerce site
>> they only
>> use around the holidays. The problem become remember which email
>> address you
>> signed up under. That's where we see a lot of abandonment issues.
>>
>> That's my $0.02.
>>
>> Jared
>>
>> Jared M. Spool
>> User Interface Engineering
>> 510 Turnpike St., Suite 102, North Andover, MA 01845
>> e: jspool at uie.com p: +1 978 327 5561
>> http://uie.com Blog: http://uie.com/brainsparks Twitter: jmspool
>> UIE Web App Summit, 4/19-4/22: http://webappsummit.com
>>

2 Feb 2009 - 3:15am
Mat Atkinson
2008

Email certainly seems to be an easy way to solve the memory issue.

If you do go down the route of using email, then you could think
about allowing users to create email aliases - all of which would
work as a login ID. This would help solve the "which email did I
use" problem, although would reduce security.

Alternatively, if you go down the username route then allow users to
use an email address as their username. This then makes it the
user's choice whether to use email as a login ID.

Mat Atkinson
http://www.proofhq.com

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Posted from the new ixda.org
http://www.ixda.org/discuss?post=37879

2 Feb 2009 - 9:14am
Amy Silvers
2007

Allowing but not requiring email address as username seems like a very
good solution to me; it's unfortunately not an option in the project
that I'm working on, but I did advocate for it initially before
getting vetoed. I know I've seen examples of it in the wild, but I
couldn't come up with many when I was making my case. Does anyone know
of any large-scale sites that permit both user-created username and
email address as "usernames"?

2009/2/2 Mat Atkinson <mat.atkinson at proofhq.com>:
> Email certainly seems to be an easy way to solve the memory issue.
>
> If you do go down the route of using email, then you could think
> about allowing users to create email aliases - all of which would
> work as a login ID. This would help solve the "which email did I
> use" problem, although would reduce security.
>
> Alternatively, if you go down the username route then allow users to
> use an email address as their username. This then makes it the
> user's choice whether to use email as a login ID.
>
> Mat Atkinson
> http://www.proofhq.com
>
>
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> Posted from the new ixda.org
> http://www.ixda.org/discuss?post=37879
>
>
> ________________________________________________________________
> Welcome to the Interaction Design Association (IxDA)!
> To post to this list ....... discuss at ixda.org
> Unsubscribe ................ http://www.ixda.org/unsubscribe
> List Guidelines ............ http://www.ixda.org/guidelines
> List Help .................. http://www.ixda.org/help
>

3 Feb 2009 - 4:20pm
Christopher Jam...
2009

It may be around 50/50 between user ID and email today, but email is
becoming a lot more common. I strongly advocate for email because people
have enough things to remember, and each site out in the wild loves to
impose its own arbitrary requirements for user IDs (at least x characters,
at least one number, at least one capital letter, etc.). This lack of
standardization in user IDs effectively prevents users from using the same
user ID for all sites, which means the user has more to memorize. This
produces great distaste for the site and will likely result in more clicks
of the "Forgot User ID" link.

Email addresses, on the other hand, are well defined (
http://tools.ietf.org/html/rfc5322#section-3.4.1), so validation is
straightforward and users can use the same email address for all sites that
accept email addresses. What's more, email addresses are likely more easily
remembered than user IDs because of how often they are used.

One con to email addresses that comes to mind is that they are longer to
type. However, this objection is easily overcome by their ease of recall,
by Remember me checkboxes, and by browsers' save password functionality.

One pro to user IDs is that users can always click Forgot user ID and have
it sent to their email addresses. If a user forgets his/her email address,
what do you do then?

A great model to follow is that of Facebook.com, which allows a user to sign
in with any of the email addresses that the site has on file for a user.
Facebook recognizes that people sometimes change email addresses and
there's no need to punish someone for doing that.

On Jan 29, 2009 4:00 AM, "Mark Johnston" <mjohnston at austar.com.au> wrote:

Would love to hear peoples thoughts on the whole ID vs Email address for
registration or signing into a website. We have been debating and discussing
things for a good while at work to come up with the most accepted/usable low
barrier to entry system that we can conceive for our customers to interact
with us.

Unfortunately when looking around it is pretty much a 50/50 with what the
rest of the web are doing. Has anybody done any research or have opinions
for the pros and cons for each device? It really is a sticking point for a
lot of people in the business right now with everybody having their
preferred method.

Mark Johnston

========================================================
This Message has been scanned for Viruses by AUSTAR Communications Antivirus
and content checking applications.
AUSTAR Communications
========================================================

________________________________________________________________
Reply to this thread at ixda.org
http://www.ixda.org/discuss?post=37879

________________________________________________________________
Welcome to the Interaction Design Association (IxDA)!
To post to this list ....... discuss at ixda.org
Unsubscribe ................ http://www.ixda.org/unsubscribe
List Guidelines ............ http://www.ixda.org/guidelines
List Help .................. http://www.ixda.org/help

Syndicate content Get the feed