Saturday, December 31, 2016

accounts - Why do sites split 'password' and 'username' retrieval into two separate operations?


I find this way of doing it highly annoying when I come back to a site I haven't used in a while. First having to enter my email to get my username and then enter my username and email to reset my password.


Why do sites split it up like this? Is it believed to be better UX? Better security?


I mean, the weak point is my email in both cases, so if someone got a hold of that they would get both the username and the password anyways. So why not just combine it into one function where you only need to supply your email?



Answer




Well, this is a kind of old approach, imo. A while ago, a username was usually used for two purposes: as an identity (to log on) and as something to display (when you post comments, for instance). I believe it came from standalone apps and operating systems, where email is something secondary and the username is something primary. Meanwhile, it doesn't work on the web, where the user's email is usually the primary thing.


Modern sites have better UX by separating the way you log on from the way you communicate with other users:



  • When communicating with other users, they only see your name and don't know how you actually log in (email, smart card, etc.).

  • When it comes to your identity, email (or a similar unique ID) is used. So when you'd like to recover the ability to log in, you just enter your email address and the password recovery process starts. The name is not involved.


So, finally answering your question: this wrong log-in approach also causes a wrong recovery process.
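
The single-step recovery the question asks for and the answer describes, sketched as an added example (not part of the original post or any site's code): only the email is supplied, and one message carries both the display name and a reset token. The in-memory stores, all names and the 15-minute token lifetime are assumptions made for the illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime of a reset token

# Constructed sample data: the email is the identity, display_name is only
# what other users see. password_hash stands in for a real password hash.
USERS = {"alice@example.com": {"display_name": "alice_w", "password_hash": "old"}}
RESET_TOKENS = {}  # sha256(token) -> (email, expires_at)
OUTBOX = []        # hypothetical stand-in for the site's mail sender

GENERIC_REPLY = "If that address has an account, a recovery email is on its way."


def _digest(token):
    # Store only a hash, so a leaked token table cannot be replayed directly.
    return hashlib.sha256(token.encode()).hexdigest()


def request_recovery(email, now=None):
    """Single recovery step: the caller supplies only an email address."""
    now = time.time() if now is None else now
    email = email.strip().lower()
    user = USERS.get(email)
    if user is not None:
        token = secrets.token_urlsafe(32)
        RESET_TOKENS[_digest(token)] = (email, now + TOKEN_TTL_SECONDS)
        # One message reminds the user of their name and lets them reset.
        OUTBOX.append({"to": email, "display_name": user["display_name"], "token": token})
    # Same reply either way, so the form does not reveal registered addresses.
    return GENERIC_REPLY


def complete_reset(token, new_password_hash, now=None):
    """Redeem a token once, before it expires; returns True on success."""
    now = time.time() if now is None else now
    entry = RESET_TOKENS.pop(_digest(token), None)  # pop makes it single-use
    if entry is None:
        return False
    email, expires_at = entry
    if now > expires_at:
        return False
    USERS[email]["password_hash"] = new_password_hash
    return True
```
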

