I’m currently working on removing usernames from the software and using e-mail address as a primary logon. There are several problems I see with usernames. Several thoughts:
- They are usually lower case and words are often mashed together. Sometimes people stick a number or a country on the end. Sometimes names are separated using underscores or dots (periods). If two people want the username Joe Example, there could be a joeexample, joe_example and joe.example. This can be confusing.
- Not as friendly as showing proper names. One nice touch of newsgroups is you get an email address of the poster and a “friendly name”. It’s a nice touch for a forum post to say “Joe Example wrote:” rather than “joe.example40uk wrote:”.
- Most users should theoretically have one e-mail account for all their forums or one account for everything. It should therefore be easy to remember your login name on sites. Certainly I’ve got different variations of the same name at many sites. Usually this is just because someone else has got there first. With e-mail addresses, you can always use the same login name. No one else could have taken that login name.
- A good login name is not always a good public display name. You may want others to know you as ‘Joe Example’ but when you login you just want to login as joe. Displaying a login name to everyone publically sounds a bit hackish to me.
- Sometimes users get bored of their username and want to create a new one. At the moment, they’d create a new account. This is not good.
My current plan is to remove usernames. This leaves us with just three columns in the user table – email, password and user_id. That’s almost the bare minimal required for authentication. One of the goals of this software is integration with other software. Someone can write a class for LDAP, Jabber, WordPress, phpBB or whatever. I believe that making sure what no SQL queries join with the user table and removing username would make it much easier to integrate with other authentication systems. Removing the username will be a key part of this.
When users register it’ll ask them for an email address, password and public name. This public name is already part of the profile but will be made a mandatory field. This will be the name which is displayed all over the site – blog comments, profiles, forum posts. To reduce confusion, this public name will be limited (“canonized”). No underscores, no periods, just spaces. No odd mixes of uppercase and lowercase – it’s all lowercase apart from the first letter of each word which is capitalized. Brackets are allowed.
Users can change their public names – probably with a limit of 3 different public names. Once you’ve taken a name, it’s yours forever. Even if you change your public name, no one else can taken it. The 3 name limit is to stop people pointlessly changing their public name every few days. Your old public name is linked to your new one. If someone sends a message to your old public name, it’ll still go to you. If someone tries to view the profile of your old profile name, it’ll show your new one. And there’s no reason why the login form shouldn’t be able to accept your public name as a login.
In short, I’m restructuring the software in such a way to make the login name and publically displayed name different. This will allow users to change public names and allow the software to work with different authentication methods better. It should be a mostly transparent change to the end user. As usual, comments and thoughts welcome!