Did I mention that we’re writing a web app? Specifically, a personal recipe site. Personal in the sense that you get some ownership of your recipes – this means no abusive comments from some stranger about your bad taste (naturally you’ll consider that his comments highlight who really has the bad taste). Ownership means identity which means username and password – with me so far?
Identity for a web application means you need something unique to tell Sally and Timmy apart. This unique thing needs to be pretty short, otherwise it’ll be immediately forgotten (don’t even think GUID – they aren’t funny, even trying to read one hurts). So why not just use “Sally” for Sally and “Timmy” for Timmy? I think most of us have heard this one before or read some amusing anecdote about how Timmy Jones born 29th February 1964 was denied entry into some country because some other Timmy Jones with the same birth date did something naughty.

Usernames can be short and the user can decide what name he goes by. Timmy prefers “TJ” anyway, so it’s win-win… Ah, not quite in this case, as “TJ” is already taken. So swearing softly under his breath, Timmy tries again: TJ1, nope; TJ64, system lags for a bit before “Sorry, username TJ64 is already in use”. In a bout of frustration, TJ ends up with the simple username of “TimmyJones64_OldSouthWestStreet_FavouriteColourBlue” (he even had to use the UK spelling of “colour” as the US style “color” was already taken).
Next up, the system is going to mandate that he enters an email address – which happens to be, wait for it, a globally unique identifying string: timmyj64@gmail.com (Facebook is one of the big guys to realise this). Sure, Timmy still has an ugly username for Gmail. However, on our site he uses his email address instead of being forced to make another different ugly username just to keep track of a few recipes.
But, but, what if Timmy decides to ditch Gmail and returns to the familiar comfort of Hotmail instead? (Ah, the good old days of pointless home pages. Inboxes… Only a madman starts their email to look at their inbox.)
No problem, just make it extremely easy for him to change his email address and make sure it’s updated in the right parts of the system.
But then there’s re-authentication. Yes, you’ll have to reconfirm via some new email activation code when someone changes email addresses – but you had to do that anyway. You are allowing people to change email addresses, right?
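An added example (not from the original post) of the change-of-address flow described above: the account is keyed by a stable internal id, the email is only the login identifier, and the new address replaces the old one only once its activation code is confirmed. The class, field names and the one-hour code lifetime are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # assumed one-hour lifetime for an activation code


def normalise(email):
    return email.strip().lower()  # assumption: addresses compare case-insensitively


class Accounts:
    """In-memory stand-in for the user table (hypothetical schema)."""
    def __init__(self):
        self.email_by_id = {}   # stable internal id -> confirmed login email
        self.pending = {}       # internal id -> (new email, token hash, expiry)

    def _taken(self, email):
        return email in self.email_by_id.values()

    def register(self, user_id, email):
        email = normalise(email)
        if self._taken(email):
            raise ValueError("email already in use")
        self.email_by_id[user_id] = email

    def request_change(self, user_id, new_email, now=None):
        now = time.time() if now is None else now
        new_email = normalise(new_email)
        if self._taken(new_email):
            raise ValueError("email already in use")
        token = secrets.token_urlsafe(32)      # mailed to the NEW address only
        digest = hashlib.sha256(token.encode()).hexdigest()  # store the hash, not the code
        self.pending[user_id] = (new_email, digest, now + TOKEN_TTL)
        return token

    def confirm_change(self, user_id, token, now=None):
        now = time.time() if now is None else now
        new_email, digest, expiry = self.pending.get(user_id, (None, "", 0))
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(supplied, digest) or now > expiry:
            return False                       # old address keeps working
        if self._taken(new_email):             # claimed by someone else meanwhile
            return False
        self.email_by_id[user_id] = new_email  # the single place the login changes
        del self.pending[user_id]              # activation code is single-use
        return True
```

Because recipes and everything else reference the internal id rather than the address, confirming the change is the only write needed to keep the rest of the system consistent.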
OpenID? Sorry, I thought I heard one timid voice in the crowd. OpenID is an awesome idea; however, it’s not (yet) so pervasive that we can ditch our own user management and go OpenID-exclusive. That’ll be a good day though.
To summarise: use email instead of usernames as your unique identifier. By letting people optionally add a real name or their actual nickname, you can drop usernames from your application entirely. Just keep making software that tiny bit smaller and less painful.
Tags: development, software
waldo, you have a fan = me ;)
alternately,
- comments moderation = great way of dealing with bad taste stranger
- I hate reauthentication emails :P