User cannot remember Username

I am currently writing out various “Log-In Failure” scenarios including:

  • Invalid Username
  • Invalid Password
  • Forgot Username
  • Forgot Password

and so on…

What are some reasonable approaches to handling a user that cannot remember his/her Username?

(The Username is the customer’s e-mail address.)

Should there be an alternative e-mail address?

Do I use “challenge questions”?

Something else?


Some sites use the secret question method where if you can answer (usually more than one) secret question, a link will be sent to the email they used with their username and a link which will allow them to reset the password.

Then hopefully the user will get the email sent (i.e. they have a common email repository to retrieve from).

What Stephan says is true - there can be multiple people with the same responses, so they typically need to know one or the other or both.

You can be lenient in that if they forget their usernames, they can have them sent to their email address. If they forget which email address it’s registered to, it’s going to be a problem since most “forgot password” processes emails the users with a link for resetting the password - there are few anymore which allow you to change it without going to email first.

Well, right, that was my original idea.

For instance, I have a primary e-mail address with Verizon and then lots of “junk” e-mails with Google, Yahoo, etc.

Sometimes I may choose to not use my primary e-mail for whatever reason (e.g. this is a one-off purchase and I don’t trust my main e-mail with some website).

In such a case, I might use a secondary or tertiary e-mail - which are easier to forget - but also enter a “catch-all” e-mail as an alternative e-mail that I wouldn’t forget (my gmail email). So allowing me to enter my catch-all g-mail email might be helpful.

I think your point is that if a customer is so obtuse that they cannot remember their Username/Emial then you have a larger issue, and you are probably right.

I’m just trying to be a good analyst and think of different scenarios. :slight_smile:


You still need to enter either the username or email address in order to identify the account sufficiently to use that option so it doesn’t work when the email address is the username.

The only sites I have seen that use an alternate email address are ones where it is an actual email account and so sending to that email address if you have forgotten the password to access it is rather pointless…

Don’t large sites like and Yahoo Mail use an alternative e-mail or some other way for users to log in if they forget their username/e-mail??

You bring up some good points, but at the same time, in this day and age were everyone has dozens of e-mails, usernames, passwords, etc. it is more conceivable that a legitimate Customer could get mixed up as to which e-mail they used. (Especially if they are a newer user.)


So basically I shouldn’t be so lenient with forgotten Usernames?

I guess that is okay.


If they forget their own email address then they have bigger problems than accessing your site.

If they have multiple email addresses then they’ll just try each one until they find the one they used for your site.

The only time you need worry about forgotten username is when it isn’t their email address.