
What are the pros and cons of using an email address as a user id?

I'm creating a web app that requires registration/authentication, and I'm considering using an email address as the sole user id. Here are what I see as the pros and cons (updated with responses):

PROS

  1. One less field to fill out during registration (it would just be email address, password, and verify password). I'm a big fan of minimalistic registration.

  2. An email address is easier to remember. (thanks Mitch, Jeremy)

  3. You don't have to worry about your favorite username being taken already - you're the only one who uses your email address. (thanks TStamper)

CONS

  1. User has more to type every time they log in.

  2. What if a user wants multiple accounts? They'll need another email address. (Do I even want a user to be able to create multiple accounts?)

  3. Easy for a potential attacker to guess (if they know the target's email address, they know the login id). (thanks Vasil)

  4. Users may be tempted to use the same password they use for their email account, which is bad security. (thanks Thomas)

  5. If you change email addresses frequently, it may be difficult to remember which address you used to sign up for a site after a long hiatus. (thanks Software Monkey)

  6. A hacker could spam the registration form and use "email already taken" responses to generate a list of valid emails. (thanks David)

  7. Not everyone has an email address. (thanks Nicholas)

If I went with email as id, I would provide a mechanism to allow it to be changed in the event a user changes address. In this case users would not be posting content to a public site, so a separate username won't be necessary to protect the email addresses (but it is something to consider for other sites).

Another option is to implement OpenID (which is a whole other debate).

This seems to work for Google, but their services are tightly integrated. What have I missed in my analysis? Do you have any recommendations? Does anyone have experiences to share?

FINAL EDIT

Thank you all for your responses. I have decided to use email as an id, but then allow the creation of a username for login purposes after registration. This allows a little flexibility while keeping registration as short as possible. It also prevents problems when a user changes email addresses (they can just log in with their username and update it). I will also be implementing methods to prevent brute-forcing of email addresses out of the registration and login systems (mainly a cool-down period after repeated attempts).

Likes: 736
vamin, asked Mar 15 '09 02:03
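As an added example (not part of the original post or any project's code), here is one way to handle con 6 and the cool-down from the final edit: the registration endpoint returns the same response whether or not the address already has an account, and throttles repeated attempts per client. The `Registration` class, its parameters, the in-memory storage and the use of a source IP as the client key are all assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

# Same body for new and already-registered addresses, so the response
# cannot be used to test whether an address has an account.
GENERIC_REPLY = "If this address can be registered, a confirmation email has been sent."

class Registration:
    """In-memory sketch; 'client' is a caller-chosen key such as the source IP (assumption)."""

    def __init__(self, max_attempts=5, window=60.0, cooldown=300.0, clock=time.monotonic):
        self.max_attempts, self.window, self.cooldown = max_attempts, window, cooldown
        self.clock = clock
        self.accounts = set()                 # registered addresses
        self.outbox = []                      # (address, message kind) queued for sending
        self._attempts = defaultdict(deque)   # client -> recent attempt timestamps
        self._blocked_until = {}              # client -> end of cool-down

    def _throttled(self, client):
        now = self.clock()
        if self._blocked_until.get(client, 0.0) > now:
            return True                       # still cooling down
        recent = self._attempts[client]
        while recent and now - recent[0] > self.window:
            recent.popleft()                  # forget attempts outside the window
        recent.append(now)
        if len(recent) > self.max_attempts:
            self._blocked_until[client] = now + self.cooldown
            recent.clear()
            return True
        return False

    def register(self, client, email):
        # Throttle before any lookup so the 429 path reveals nothing either.
        if self._throttled(client):
            return 429, "Too many attempts. Try again later."
        email = email.strip().lower()         # simplified normalisation (assumption)
        if email in self.accounts:
            # The real owner is told by email; the HTTP caller is not.
            self.outbox.append((email, "already-registered notice"))
        else:
            self.accounts.add(email)
            self.outbox.append((email, "confirmation link"))
        return 200, GENERIC_REPLY
```

The login and password-reset forms need the same uniform-response treatment, otherwise they leak the same information the registration form no longer does.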



2 Answers

Personally, I prefer just using my email address as a username. It's one less thing to remember, and I never have to worry about my preferred name being already taken.

Just my 2 cents!

Likes: 101
Jeremy, answered Sep 21 '22 15:09


I think you missed a PRO:

Users are likely to remember their email address; and as email addresses are unique, they never have to worry about their preferred username being taken already.

Likes: 35
Mitch Wheat, answered Sep 21 '22 15:09