A site we are currently developing is in the initial phases and we are working on the user authentication side of things.
Our initial idea has been to use Email addresses to login, instead of a “username”. Mainly for 2 reasons:
- Its easier to a user to remember their email address
- If the email is not displayed publicly it makes it harder for other users to attempt to login to another account
However, what could we do in terms of users forgetting their email address? If it was using a username and they forgot a username, they could just get it emailed back to themselves.
But how would be go about reminding them of the email address tied up to their account without revealing any security issues?