E-mail as username

I am making a form and my intention is that users will have to enter their e-mails as username.

What I want to know though, is what do you think is the best way to inform the user that he must enter his e-mail for username.

What the text that will accompany the specific field must say?

At first, it must be something easy. I decided to post though so I can hear views.

I would forget username and just have an email address field.


People will know what it means. This seems to obvious though, is there a reason why they have a username and email address if you don’t want them to use their username?

So , you are saying that just having an e-mail form field is enough.
No reason to mention at all the word username.

I am saying this because in some sites there is a form field with the label: username or e-mail
I am talking always about the registration form.

Well if you want to use the email address just use that in the fields and when there is a need for someone to login put email: instead of username. I don’t really understand the confusion?

Yes…there was confusion,sorry, I am developing all night and I am tired.

No problem what-so-ever! I’ve been there. Don’t worry you can use just email, I have done before.

Hopefully this is not a public username, as that would mean people’s email address is made public. If it’s just for logging in, of course, forget about “username” and just ask for what it is, an email address. :slight_smile:

The “username or email address” is for when you have both and either is acceptable for logging in.

I am talking here about a registration form NOT a login form.

I am asking for someone to register an e-mail and a password. And these are what I am going to ask when the user comes to log in.

This is the plan/scheme. Unless you see security holes with it.

Ask for an e-mail address and perhaps add a note saying that the e-mail address the user is registering with is also their ‘username’.
It usually speaks for itself when websites use this method.

Make sure your UI is consistent with the words it uses.

Macy-Lynn has excellent advice: tell users when registering that their email is their username, in case you have text somewhere stating “username” (which, you should try to avoid).

GMail has this and it’s a bit unfortunate. The UI is not consistent:
If I go to Gmail.com I’m expected to fill in my entire email address and password, which makes sense. However sometimes I am at work and the network redirects me to specifically mycompanyname.gmail.com. On this page, if I try to fill in an email address I get an error about using @ symbols: they only want the “username” (first part of my email address) and password.

Don’t do this. Be consistent. Linkedin.com always asks for an email address, for example. It keeps things simple by never mentioning “usernames”.

This is the plan/scheme. Unless you see security holes with it.

As Ralph said, many people will be dumb enough to use a regular email address to register with you. This means they’re typing in a live email address to log in later. Bad. The smart people will take the time to go make a throw-away email address, so that if you get compromised, or their session, or whatever, their actual used emailadress is not involved.
I was stupid and gave LinkedIn my real email address. It gets a lot of fake LinkedIn spam now. LinkedIn has been compromised at least twice now (passwords stolen). I assume my email address has been taken from there and fed to more spam houses. You’d better have better security than LinkedIn.

I assume by saying the above you do not suggest that I ask for something else also besides e-mail/password but maybe just use various cryptography functions.

I will do it for the password, but for the e-mail I do not quite know what can I do to increase security.

Well, stuff like wherever you store these things, keep in inaccessible directly via the web (different folder if it’s a file, so not in the /var/www for instance), don’t save as plaintext, set conditions on your db (like your db user has limited access and is maybe the sole superuser etc).
I assume this is basic stuff but have no direct experience with it. But there’s a Web Security section here on the forums with people who know this stuff.

You can simply say to the customer on the form that " fill your E-mail as User name " that’s it.