Login Options: email or username?

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
User avatar
mhakes
Forum Newbie
Posts: 4
Joined: Wed Nov 03, 2004 11:30 am

Login Options: email or username?

Post by mhakes »

Can anyone share with me their reasoning or experince with the following:

In designing a login script is there an advantage to requiring the user to supply an email address as their login identifier verses a user name?

When the user's email is the validation field I know that email addresses change and a more complex ereg is required but email addresses are seldom forgotten.

I know that when a user name is supplied they are easier to validate but they are often forgotten.

Can you tell me which you use (or perhaps a different validation field) and why?

Thank you for your experience!
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

I don't really see any major issues off the top of my head. So long as you ensure the email is validated, and then confirmed (i.e. sending an email to that account with a confirmation link) it should work fine. Maybe someone else has a downside to mention...
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Re: Login Options: email or username?

Post by Roja »

mhakes wrote:In designing a login script is there an advantage to requiring the user to supply an email address as their login identifier verses a user name?
...
Can you tell me which you use (or perhaps a different validation field) and why?
I've used both as the identifier: The username, and the email.

We switched away from the email because the application was exposing the email address of users in one area. We could have fixed that (and later did), but it seemed 'better' to change to username.

Later, we switched back to email when we needed a multi-game login system, where the usernames might be different in different games, but email would be consistent.

However, I didn't use either as their validation. I send users a confirmation code via email for validation. Thats in addition to the player-chosen password. That way, they have something they remember (password), and if they forget that, they have something they can receive (c_code) at their established email address.
User avatar
mhakes
Forum Newbie
Posts: 4
Joined: Wed Nov 03, 2004 11:30 am

email verses username

Post by mhakes »

i am sure said:
However, I didn't use either as their validation. I send users a confirmation code via email for validation. Thats in addition to the player-chosen password. That way, they have something they remember (password), and if they forget that, they have something they can receive (c_code) at their established email address.
I like that idea. Thank you.
alvinphp
Forum Contributor
Posts: 380
Joined: Wed Sep 21, 2005 11:47 am

Post by alvinphp »

It depends on the type of site. If it is a community type site I would say a logon id as people dont always want to share email addresses. If it is anything else then the email address works just fine. When a new persion registers I still create a unique id and use that throughout the site as the key for the user. This way if the user does change their email it is much easier to do.
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

It depends on the type of site. If it is a community type site I would say a logon id as people dont always want to share email addresses. If it is anything else then the email address works just fine. When a new persion registers I still create a unique id and use that throughout the site as the key for the user. This way if the user does change their email it is much easier to do.
Not sure what you mean - but using an email address as a username for login purposes does not necessitate it being used as the "Handle" name for community sites (i.e. what's displayed as a name in forums/webpages). Email addresses should never ever be revealed to anyone else on the same site unless the user has specifically opted in to do so.
alvinphp
Forum Contributor
Posts: 380
Joined: Wed Sep 21, 2005 11:47 am

Post by alvinphp »

Maugrim_The_Reaper wrote:
It depends on the type of site. If it is a community type site I would say a logon id as people dont always want to share email addresses. If it is anything else then the email address works just fine. When a new persion registers I still create a unique id and use that throughout the site as the key for the user. This way if the user does change their email it is much easier to do.
Not sure what you mean - but using an email address as a username for login purposes does not necessitate it being used as the "Handle" name for community sites (i.e. what's displayed as a name in forums/webpages). Email addresses should never ever be revealed to anyone else on the same site unless the user has specifically opted in to do so.
If you are going to have a 'handle' (in a forum) then it has to be unique so what is the point of logging in with an email address when you can just login with your unique 'handle'? This is probably why most forums have you login with a handle and not an email address.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

it's more a privacy issue.
AGISB
Forum Contributor
Posts: 422
Joined: Fri Jul 09, 2004 1:23 am

Post by AGISB »

IMO I like it better if I have the flexibility to use whatever I like however using an email address as username could be a problem and nightmares.

e.g. Someone signs up with e.g. peter@yahoo.com. He cancels that account with yahoo and one of the trizillion other Peters grabs it. He then signs up with you and gets told he is already a member. A nightmare to think about all possible scenarios that can get wrong.

Even if it is not likly to happen I don't like the idea of a design that works on the pure chance something like this never happens.
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

If you are going to have a 'handle' (in a forum) then it has to be unique so what is the point of logging in with an email address when you can just login with your unique 'handle'? This is probably why most forums have you login with a handle and not an email address.
Very little ;) I was simply stating there was little *functionally* wrong with using an email address as a username for login purposes. Which there isn't. Its fairly common in some websites.
e.g. Someone signs up with e.g. peter@yahoo.com. He cancels that account with yahoo and one of the trizillion other Peters grabs it. He then signs up with you and gets told he is already a member. A nightmare to think about all possible scenarios that can get wrong.
Would happen anyway in most cases - most signups require an email address to send password recovery emails when needed by the user. And such emails are nearly always validated (almost all - some don't bother). If someone did ever cancel an email account - may cause issues, but that seems a rare event.

There being exceptions to all rules - I suspect the user would have to use an alternate email or contact the administrator.
Post Reply