[IxDA Discuss] email address as username
Gilles Demarty
gilles.demarty at gmail.com
Fri Oct 27 05:21:07 PDT 2006
Hi miguel and Sunandini.
> > How would this impact the security of the product? Is there any
> > drawback in using an email address as the username?
I'm not sure security is at stake here. I don't want to give you any
security lessons, as i have a bit of background in this subject, but :
Providing the name of the user, the email, or whatever is not to
authentify the user, but to identify it. The authentification is meant
only by the password. It does not add any more security to have the
login name being something secret as well.
Another way to say this is : You have first to state who you are (with
a login name, an email, etc...), and then you have to prove that you
are really who you are claiming (with a piece of information that you
only knows, or owns, or that is part of you.)
So if this is the security of the product that keeps you from using
the email as the username, don't be afraid to use it, it's totaly safe
(as far as you ask for a password as well).
HTH
Gilles
More information about the discuss
mailing list