What are the pros and cons of using an email address as a user id?

离开以前 2021-01-29 20:15

I'm creating a web app that requires registration/authentication, and I'm considering using an email address as the sole user id. Here are what I see as the pros and cons (upd

15 answers
  • 2021-01-29 20:31

    CONS

    1. When the same password is used for the e-mail account, compromising the one automatically means compromising the other.
  • 2021-01-29 20:31

    CON: If a hacker can try registering random email addresses en masse, he or she will be able to figure out which of those addresses are valid based on which registrations fail. This is a tactic that can be used to put together lists of known valid email addresses, which are a hot commodity on the spam black market.

    Although now that I think about it, that's a problem that affects any website which asks for an email address as part of the registration process, regardless of whether or not there's a separate username. But it's still something to think about.

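One way to close the enumeration channel described in the answer above is to answer every sign-up identically and tell only the mailbox owner what happened. This is an added example, not code from the thread; the `Registration` class, its in-memory store and the reply text are assumptions made for illustration, and lower-casing the whole address is a simplification.

```ruby
require 'securerandom'

# Added example: in-memory stand-ins for a user table and an outbound mail queue.
class Registration
  GENERIC_REPLY = 'If this address can be used, a confirmation link has been sent to it.'.freeze

  attr_reader :outbox

  def initialize
    @users = {}   # normalized email => { confirmed:, token: }
    @outbox = []  # [recipient, template] pairs a mailer would send
  end

  # Canonical lookup key, so " Bob@Example.com" and "bob@example.com"
  # cannot end up as two different accounts.
  def normalize(email)
    email.to_s.strip.downcase
  end

  # Returns the same status and body whether or not the address is already
  # registered; the difference is visible only to whoever reads the mailbox.
  def signup(email)
    key = normalize(email)
    unless key.match?(/\A[^@\s]+@[^@\s]+\z/)
      return { status: 422, body: 'Please enter a valid e-mail address.' }
    end

    if @users.key?(key)
      # Existing account: notify the owner, reveal nothing to the requester.
      @outbox << [key, :already_registered_notice]
    else
      @users[key] = { confirmed: false, token: SecureRandom.urlsafe_base64(32) }
      @outbox << [key, :confirm_address]
    end
    { status: 202, body: GENERIC_REPLY }
  end

  def registered?(email)
    @users.key?(normalize(email))
  end
end
```

The syntax check (422) does not depend on whether an account exists, so it leaks nothing. In a real handler the mail should be queued rather than sent inline, so that response time does not differ between the two branches, and sign-ups should be rate limited per client.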
  • 2021-01-29 20:31

    To solve your con item of the email being too long to type in every time, I have implemented the StringScanner Ruby library.

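    require 'strscan'

    def signup!(user, &block)
      self.email = user[:email] unless user[:email].blank?
      str = StringScanner.new(self.email)
      # Advance past the first "@"; pre_match is then everything before it.
      str.scan_until(/@/)
      # Use the local part of the address as the short login name.
      self.login = str.pre_match
      # etc..
    end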

    Then just change login method to allow either email or login to match password.

    This works just like Google or MobileMe. A user can choose to just type in their email username (i.e. username instead of username@gmail.com).

  • 2021-01-29 20:37

    One con might be that if it's an email address, the login can be guessed by people and brute-force attacks attempted, which is not really a big issue, since on most sites today the logins are publicly displayed.

    The biggest pro is that logins are easier to remember this way.

  • 2021-01-29 20:39

    CON: If I change my email address, suddenly all my account names are invalid. My name doesn't change, but my email often does. I have occasionally revisited a site after a number of years, and been stuck... what was my email address two years ago???

  • 2021-01-29 20:40

    A good setup is to require username and email. Allowing the user to log in with either email address or username is very user friendly. An added benefit is the user can change their email address. It would also allow multiple accounts for one email.
