I tried to log in to an old last.fm account today, which I have not accessed in years. This should be simple for me using my handy-dandy password algorithm method – except that Last.fm wants to throw a curveball my way. They require a username and password to login. And, as their designers cackle maniacly smoking Havana cigars in their evil island fortress, they even require a username to retrieve forgotten passwords.
Let me make it clear to Last.fm and every other website in existence: I haven’t the foggiest clue what your specific username requirements were when I registered, or whether I decided to use my first name, full name, moniker, or favorite Steinbeck character. But I do remember something very well – the same email that I’ve used for the last 6 years. Ask me for that for login credentials, and we’ll get along just fine.
Interaction Designers – I’m looking squarely at you. This is our job. In my opinion, a username is a completely invalid login requirement for all but the most fundamental credentials, such as your OS account, or for bank accounts (which can claim the “higher security” excuse). What do you think?
— Update —
@salConigliaro points out, “At the very least let me use my email address as my username.” While I agree, this also means that your publicly displayed username, assuming that’s why the user name exists in the first place, has to be your email address. For both privacy and formatting concerns, this may be less than ideal.
Right things! Look at Friendfeeds authorization model. I find it most user-friendly: you can use both of email or login for authorization.
I agree. The user name can be used to keep a email address private, but to actually log into the system the email address is not only unique, but memorable. I can remember every email address I’ve ever had (in over 15 years of being on the net).
While I totally agree with the nightmare of login schemas, I do enjoy having the option of using email or username for login on a site (like Twitter). I plan on offering both options on future UI designs for login forms. There really should be a law.
However, being constantly aware of security and bots and spiders and the other evil minions of the phishers on the interwebs, I have taken the (slightly paranoid) route of setting up a Gmail account specifically for the purpose of logging into accounts. While this won’t help my current registrations, I will be using it going forward.
Why Gmail? Well, 1st it’s free; 2nd Gmail’s spam filter is pretty hard to beat; 3rd I can pretty much access Gmail from anywhere (desktop mail client, web, mobile device). It allows not only the inevitable spam a place to die a slow 30 day death, but also keeps my personal email inbox(es) clean and safe. It also provides a centralized dumping ground for all correspondence of my online life.
Just my 2¢
I think it really depends on the kind of site. There are some communicate that you’ll want to be involved in and you won’t particularly want to be using your real name. (Gaming communities are the best example).
I agree with Loren that it’s usually more cumbersome than it is helpful, and should probably never be used for the login credentials.
I think that reason that many system designers end up employing a username instead of an email address, is because designing the logic for the case of a user having to change their email address ends up being too complex.
You’re right, it’s time to do something about this. *pulls up sleeves*