jawtheshark's Journal: The username/email conundrum

The username/email conundrum

I have always hated this

[Jeremiah Cornelius]

Flawed in so many ways - perpetrated by AD, linking Exchange. More MS bullshit that spilled over into the Dot Coma world.

Re:

[jawtheshark]

I'm not too familiar with AD and Exchange. I believe you, but I wouldn't have guessed that this would be the origin.

Re:

[Jeremiah Cornelius]

You sign into AD with either a username, or SMTP addess. They unified namespace this way. 14 years ago...

Additionally, random account creation

[insanecarbonbasedlif]

Another flaw - using the email address as the username and then not verifying the email address prior to actual account creation has lead to me getting a number of accounts on a number of systems I have no interest in. This is probably mostly due the fact that my main email address is very simple and a bunch of people either mistakenly or idiotically keep using it instead of their own... As a matter of fact that's how I ended up with a FB account in the first place.

Re:

[jawtheshark]

Wow, that's one side I never expected to hear. Quite interesting. I've heard of owners of email addresses that get unwanted mail from people with the same name.

No real solutions, just better sticking plasters

[MonTemplar]

Alerting you to login attempts from new locations or devices, and offer two-factor authentication, will slow down the hackers for a time.

But the answer, for most service providers, is to tell the user that it's their problem now.

Re:

[jawtheshark]

Well, the two factor authentication I favour most is the simple SMS to a know phone number. Facebook seems to be able to send warning SMS, but it want you to use their App for the two factor authentication. I don't see that as a good idea.

I'm not all that fond of phone based two-factor authentication any way. Especially, because phones break, get lost or get stolen at the least opportune moments.