authentication, web-applications, account

What to use for login ID?


We are in the early design stages of a major rewrite of our product. Right now our customers are mostly businesses. We manage accounts. User names for an account are each on their own namespace but it means that we can't move assets between servers.

We want to move to a single namespace. But that brings the problem of unique user names.

So what's the best idea?

  • Email address (w/ verification)?
  • Unique alpha-numeric string ("johnsmith9234")?
  • Should we look at OpenID?

Solution

  • EMAIL ADDRESS

    Rationale

    1. Users don't change emails very often
    2. Removes the step of asking for username and email address, which you'll need anyway
    3. Users don't often forget their email address (see number one)
    4. Email will be unique unless the user already registered for the site, in which case forward them to a "forgot your password" screen
    5. Almost everyone is using email as the primary login for access to a website; this means the rate of adoption shouldn't be affected by the fact that you're asking for an email address

    Update

    After registration, be sure to ask the user to create some kind of username; don't litter a public site with their email address! Also, another benefit of using an email address as a login: you won't need any other information (like password / password confirm). Just send them a temp password through the mail, or forgo passwords altogether and send them a one-use URL to their email address every time they'd like to log in (see: mugshot.org).
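
The one-use login URL suggested in the update above, sketched as an added example that is not part of the original answer. The `LoginLinkStore` class, the `app.example` host, the 15-minute lifetime and the in-memory dictionary standing in for a database table are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the answer does not specify one


def normalize_email(address: str) -> str:
    """Canonical form used as the unique login ID (assumption: trim and case-fold)."""
    return address.strip().casefold()


class LoginLinkStore:
    """Hypothetical in-memory stand-in for a table of pending login links."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}  # sha256(token) -> (email, expires_at)

    def issue(self, address: str) -> str:
        """Create a one-use token for this address and return the URL to e-mail."""
        email = normalize_email(address)
        # A new request invalidates any earlier unused link for the same account.
        self._pending = {h: v for h, v in self._pending.items() if v[0] != email}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Store only the hash, so a leaked table does not contain usable links.
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[digest] = (email, self._now() + TOKEN_TTL_SECONDS)
        return f"https://app.example/login?token={token}"

    def redeem(self, token: str):
        """Return the e-mail this token logs in, or None. Always consumes the token."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._pending.pop(digest, None)  # pop makes the link single-use
        if entry is None:
            return None
        email, expires_at = entry
        if self._now() > expires_at:
            return None  # expired links are rejected and already removed
        return email
```

Because the mailbox becomes the only credential, the token's entropy, short lifetime and single use are what bound the exposure if a link is forwarded, logged or cached.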