should i allow user to change email when using email as username? [closed]

Question

I am using the email address as a username and am allowing users to change their email... which obviously also changes their login. Is there any reason why allowing this flexibility would be a problem? users are tracked with userid.

thanks

Answer 1

The capability of changing the mail address is essential, otherwise a user might lose all his data on your site because he might no longer be able to access it (password recovery wouldn't work anymore).

Just make sure the new e-mail address is verified and keep the old one (and only that one) active until the verification is performed!

I don't exactly understand what you mean with

my concern is that i can pass my account to someone else and that new person inherits the prior persons history but can change the email AND the display name, and be a complete fraud

Should somebody pass his account so someone else, your outta luck. Even if you required short message pin / cellphone authentication, you'd still have to give the user the option to also change his cell number.

Snail mail and real names (i.e., the banking approach) are an option, but that is slow and quite expensive.

Answer 2

I would recommend keeping track of both old and new e-mails and allow them to login with either. FogBugz has a username field as well as e-mail with support for multiple e-mail addresses and users can login with any e-mail address or their chosen username.

Don't make things harder for the user when it's easy to program around.

Answer 3

If your system contacts the user with information regarding his/her account via e-mail, I think allowing the user to change his/her e-mail should be allowed.