Marnen Laibow-Koser wrote: > I agree with Hassan here. I actually don't *mind* being asked to pick a > username, but e-mail address should be fine. On a site I don't use > much, I'm less likely to forget my e-mail address than an arbitrary > username.
What happens when the user doesn't remember their password? Site designers often assumes the user has access to the email address used to setup the account. The site will then send a password reset link to that email address. Oops, now the user has a problem, since they may have no way to access a cancelled email account. At this point the chances are probably greater that the user will abandon using your site over going though the hassle of trying to convince you that they are who they say they are. And you may have no way to prove that they are who they say they are. Just make sure you provide alternate means of resetting passwords than simply using the email address used to sign up. We really need to migrate away from the username/password INSANITY. Work is being done to resolve this, but we have a long way to go. OpenID, OAuth, etc. are the path forward. Let all help to get there so we can get out of this username/password hell. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
