
Don't use email addresses for logins!

Why?

From a discussion on Slashdot:

pros for using email as login:

1. guaranteed unique, though you'd be a fool not to have a check.
2. users forget it slightly less
3. you have to send verification/password anyway

cons for using email as login:

1. What if a user has more than one email address?
2. Email addresses make reasonable unique keys, but slow indexes, especially since many are very similar
3. users may use disposable [spamgourmet.com] email addresses and suddenly you cannot contact them

However, if you read what prompted the discussion in the first place:

"CNet is running a story about how spammers and phishers can learn about our surfing habits to better target their attacks. According to the article, web sites that use e-mail addresses as IDs are vulnerable to attacks that could leak their users' email addresses. These attacks are performed by requesting a password reminder for an address or trying to register with it."

you begin to see other problems that relate more to security and privacy than to design and implementation alone.
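The reminder and registration leak described in the quote above, as an added example (not from the original post or the Slashdot thread): each handler in a leaky form next to one that answers identically for every address, plus a check you can run against your own handlers. The handler names, in-memory store and addresses are constructed for illustration.

```python
# Added example: constructed data and hypothetical handler names.
ACCOUNTS = {"alice@example.com"}   # constructed sample account store
OUTBOX = []                        # stands in for the outgoing mail queue

def reminder_leaky(email):
    """Status and body reveal whether the address is registered."""
    if email.lower() in ACCOUNTS:
        OUTBOX.append((email, "reset-link"))
        return 200, "A reminder has been sent."
    return 404, "No account uses that address."

def reminder_uniform(email):
    """Same response for every address; only the mailbox owner learns more."""
    if email.lower() in ACCOUNTS:
        OUTBOX.append((email, "reset-link"))
    return 200, "If that address has an account, a reminder has been sent."

def register_leaky(email):
    """A 409 confirms to anyone that the address already has an account."""
    if email.lower() in ACCOUNTS:
        return 409, "That address is already registered."
    ACCOUNTS.add(email.lower())
    return 201, "Account created."

def register_uniform(email):
    """Always 'check your inbox'; the mail itself says which case applied."""
    if email.lower() in ACCOUNTS:
        OUTBOX.append((email, "someone tried to register with your address"))
    else:
        OUTBOX.append((email, "confirm-link"))  # account is created on confirmation
    return 202, "Check your inbox to continue."

def leaks_membership(handler, registered, unregistered):
    """True if the caller-visible response differs between the two addresses."""
    return handler(registered) != handler(unregistered)

if __name__ == "__main__":
    known = "alice@example.com"
    for n, h in enumerate((reminder_leaky, reminder_uniform,
                           register_leaky, register_uniform)):
        fresh = f"nobody{n}@example.com"   # constructed, never registered before
        print(f"{h.__name__:18} leaks: {leaks_membership(h, known, fresh)}")
```

Response time is visible to the caller as well, so queue the mail rather than sending it inline, so that both branches take about the same time.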

The best quote though:

"Here's another one, and it ties into the original posting: it's the same problem as using biometrics for identification: using an ID or password that's hard to change. You don't want to use that kind of ID casually, because you want to make sure that people who have your ID have an incentive to be at least as careful with it as you would be.

If you use your thumbprint to pay for a drink at a bar, how good a job do you think the bar is going to do about making sure someone else doesn't game their sensor with a bit of latex on their fingertip? If someone steals your credit card, you can cancel it and get a new credit card. If someone steals your thumbprint you're hosed.

This is the same kind of thing. If someone finds out that there's someone with the handle "fishdan" on slashdot, they don't have anything useful. If they have your email address, they have something useful that's hard to change (look at me, I'm using year-tagged email addresses and I'm thinking of going to month tags). Plus, if you DO change your email address you have to change it EVERYWHERE (which is why I've got spam filters that reject entire countries for my main email address... because I've had it for about as long as personal domains have been available and I'm really loath to dump it).

And because of all this, what this means is that all email addresses have to be treated as disposable, even the supposedly private ones you use for account registration only. Which means that now your email address has the same problem as any other name: you have to remember a bunch of them, you have to remember where you used them, and if you only keep 'em long enough for the verification you can't relogin with the old address."

Ultimately, you can't treat email addresses as a no-collision domain, and worse, you have to treat them as disposable.
