Usernames Are So 1996

I’m sure it’s happened to you at some point: you visit a website that you registered with, maybe your company’s healthcare provider, but you’ve totally forgotten your username and password. If you’re anything like me, you have a few usernames you’ve used over the years and a few passwords you might have used, but which ones are they? After a few minutes of trying, I usually give up and ask for my username and password to be e-mailed to me.

Usernames

This scenario happens to me over and over again and I never seem to get used to it. Is there another way? Are usernames really the best method for registering users?

This type of user registration is a bad idea and unnecessary.

  • Con: hassle to remember for users
  • Con: must be unique, so registering with a site where your ‘usual’ username is taken becomes a problem
  • Con: username rules vary randomly from site to site: some allow spaces, some must contain a number, some must be 8 or more characters, making it a problem to create a username that works for all sites
  • Con: unless you have an ‘online community’, usernames add an additional level of complexity to any system

So smarty pants, if it were up to you, how would users register on a website?

By e-mail address.

  • Pro: totally individual
  • Pro: already remembered
  • Pro: serves as a way to verify registration

In essence, we are all known by our e-mail addresses. Since everyone has one, they serve as the perfect form of user verification.

So who is still using usernames in 2005?

  • Amtrak
  • American Express
  • Empire BlueCross BlueShield
  • eBay
  • Commerce Bank
  • HSBC
  • Roxio (although they have added e-mail option)
  • Network Solutions
  • GoDaddy
  • AIGA
  • Verizon
  • Adobe
  • Basecamp
  • Backpack

Shame, shame, shame!

So who should use usernames?

In essence, only e-mail hosting companies should use usernames, because they are creating an e-mail address with their username. You couldn’t really have Yahoo expect an e-mail address to create an e-mail address; that would be akin to asking which came first, the chicken or the egg.

5 Comments

  1. Lisa Cumbey

    So, email address-only logins are convenient enough, but what’s to keep someone from logging in with your email address? Why they’d do that? I don’t know, but there’s always someone with nothing better to do. I mean, there’s bound to be a “email hidden; JavaScript is required” or “email hidden; JavaScript is required”. I just made these up, but you know what I mean. Illegal? Yeah, like THAT works.

  2. Ben Whitehouse (Author)

    Well that’s where your handy dandy password would come in. All these methods would always use a password for that final piece of verification… I guess I implied that, but didn’t make the point explicit. With a password using e-mail addresses would be just as secure as a username.

  3. I can see two more positives in having usernames:

    1. An additional layer of security. Most people tend to use the same password as often as they can. Once their password is found out by somebody malicious, accessing other website accounts of the victim (without usernames) is as simple as entering the email address too. Simply forcing the user to pick a unique username (which for a site with as many users as eBay can be quite challenging) adds another barrier against nastiness.

    2. For community purposes. Again I’m thinking of eBay here. Usernames in eBay are frequently used as a descriptive name of the sellers (eg: MemorycardsCheap or RareToysMichigan). Using email addresses instead would not only be less colourful, but might actually discourage buyers in situations where the email sounds strange (email hidden; JavaScript is required) or foreign (email hidden; JavaScript is required).

    Don’t get me wrong – I hate usernames too. But I think that some websites still have legitimate uses for them.

  4. Ben Whitehouse (Author)

    James, unfortunately I’m not entirely convinced by your arguments. Sure, if your password is found, it becomes a serious security issue, but most users also use the same username, so by that same logic once they have found out your username and password it’s all over. But having your password hacked rarely happens… In fact, I have never heard of anyone hacking a password if it’s never been revealed by the user.

    Also, I would take a look at incredibly secure websites that use e-mail addresses such as Amazon (http://www.amazon.com/) or PayPal (http://www.paypal.com/). Each deals with huge numbers of users and transfers of money without reported problems daily.

    I think you are right that usernames are more secure, but by how much? How much more secure are you with “sandrabullock” or “email hidden; JavaScript is required”? I would argue only marginally. As the saying goes, “Locks are designed by gentlemen” – meaning that crooks will always find ways to get in. Take, for instance, the scrupulous phishing techniques used to obtain eBay passwords; there is a website that uses usernames without much security benefit to their customers.

    As for community-based sites, I too thought that usernames were the only option for creating an “online community” but was surprised to find two of the largest online communities, Friendster (http://www.friendster.com/) and Flickr (http://www.flickr.com/), both use e-mail addresses for log-in. Once you’re in the system you can have any individual user identity you like, which is displayed to other users.

    I still cannot think of any legitimate use of usernames other than e-mail hosting companies. They just don’t make sense.

  5. I’ve programmed a number of e-commerce systems, and on my latest system I chose usernames over email addresses, for a number of reasons:

    1. I have a lot of email addresses, and on email-address based systems, I often can’t remember which address I used. That leads to a lot of work to log in, because when the login fails I don’t know if I’ve used the wrong email address or the wrong password. So, I end up trying dozens of combinations, and often just try all my email addresses through the ‘email me my password’ link (if one exists).

    2. Community – my newest venture is a C2C trading site, and it helps to have a username to show on the site rather than an email address. I realize you can ask the user for a ‘nickname’ or ‘screen name’, but that’s another step for the user.

    3. Many of these systems will not let the user change his/her email address after registering, as that would change the user’s “username”. This makes for trouble when you close an email account or change jobs.

    4. In my last venture, many users simply re-registered when they lost/closed their existing email account. That makes for a mess in customer records.

    5. Why does every site I use need my email address? Almost all sites ask for it, but in many cases you can enter email hidden; JavaScript is required and still get a valid account.

    6. What if someone wants two accounts with the same email address attached? We have sellers on our platform that have business and personal accounts, and want the same email address for both. Sites like Amazon and PayPal require the email address used to be unique.

    I can see a lot of cases where an email address as a “username” makes sense. What I’m thinking of doing is offering both – let the user choose a username or use their email address. That seems like a solve that makes everybody happy.
