Why should usernames be unchangable?

Question

I read everywhere (and see in practice) that usernames should not be changeable. When I ask why, \'security\' is given as a reason.

I\'ve been searching for a definitive

Answer 1

A difficulty arises if users are allowed to switch to names that have been used in the past. If users are always identified using some identifier that will never change nor be reused, it may be possible to safely and sensibly use a username from a UI standpoint if all transactions record both the identity of the user performing the transaction and the username at the time the transaction was performed. In that case, something like a message-board post could be labeled "By: SuperCat (as Mighty Kitty)". Supercat would be the present username of the poster, and Mighty Kitty would be the username the poster had when the post was written.

Answer 2

Lots of answers. You probably have it settled by now. Here's my 2 cents:

Don't let people change their names. Not for security or anything, but because it can reflect poorly on your site. People know a user as xxx and they change to yyy, then their reputation can fade as well. Abusive users will just plague your system with constant changes.

URL indexing: If you are indexed like so - www.somewhere.com/user/awesomeGuy then awesomeGuy changes name to stupidGuy then you lose your indexed results and you get 404 errors or some such when google spiders crawl the site. You will benefit more by having username URLs than allowing people to change their usernames. These days, the ability to change your username is not big on the list of "must haves" when people sign up for a site.

Time: Your time is more important than programming useless features like this.

Just my opinion. No security risks though, unless you don't clean your input.