开发者

should i allow user to change email when using email as username? [closed]

开发者 https://www.devze.com 2022-12-18 12:47 出处:网络
Closed. This question is opinion-based. It is not currently accepting answers. Want to improve this question? Update the question so it can be answered with facts and citations by editing
Closed. This question is opinion-based. It is not currently accepting answers.

Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.

Closed 4 years ago.

Improve this question

I am using the email address as a userna开发者_JAVA百科me and am allowing users to change their email... which obviously also changes their login. Is there any reason why allowing this flexibility would be a problem? users are tracked with userid.

thanks


The capability of changing the mail address is essential, otherwise a user might lose all his data on your site because he might no longer be able to access it (password recovery wouldn't work anymore).

Just make sure the new e-mail address is verified and keep the old one (and only that one) active until the verification is performed!

I don't exactly understand what you mean with

my concern is that i can pass my account to someone else and that new person inherits the prior persons history but can change the email AND the display name, and be a complete fraud

Should somebody pass his account so someone else, your outta luck. Even if you required short message pin / cellphone authentication, you'd still have to give the user the option to also change his cell number.

Snail mail and real names (i.e., the banking approach) are an option, but that is slow and quite expensive.


I would recommend keeping track of both old and new e-mails and allow them to login with either. FogBugz has a username field as well as e-mail with support for multiple e-mail addresses and users can login with any e-mail address or their chosen username.

Don't make things harder for the user when it's easy to program around.


If your system contacts the user with information regarding his/her account via e-mail, I think allowing the user to change his/her e-mail should be allowed.


Just about every site I've seen that uses an e-mail address as the login allow users to change their e-mail address and thus, their login names.

In terms of public identity, most services allow you to create a screen name or handle for your account, so while you may log in with your e-mail "bob@domain.com", you'll still be known as "Bob" regardless of whether or not you change your e-mail/login.

It's also a good idea not to show people's e-mail addresses unless they explicitly allow it.


When you say users are tracked with userid, does userid mean email address? What you might try is generating a user id # for each user and use that to track users instead of email addresses. You can still use email addresses as your login mechanism and all that, but using a number behind the scenes would allow users to change email addresses.


I recommend you to use an id number as primary key of the table and you can use whatever you want as username, for instance the email. The user will only see his username but not the id. Then the user will be able to change his username (email) but the primary key will be the same and will not be any problem with foreign keys to other tables.


If Sam's suggestion doesn't work for you, you could at least notify them of this either on the web page or by e-mail. (or both)


Since you have a userid, you should allow this. I maintain a website where the email is a login for the registered users but sometimes users may deactivate/change their email for whatever reason and then they update their email. You don't want to lose your users by restricting this.

0

精彩评论

暂无评论...
验证码 换一张
取 消