• United States

Sign-on frustrations

Feb 23, 20043 mins
Access ControlEnterprise Applications

* How many variations of your name have you left to use to sign onto new sites?

This week I want to get back to basics. Specifically, I want to explore the issue of usernames.

Thirty years ago, a username was typically a six-character combination of letters assigned by MIS and baring no relationship to the user, a name or anything else that might make it memorable.

Fifteen years ago usernames had “progressed” to seven or eight characters, but usually allowed for something besides strict A-Z alphabetics. Numbers from 0-9 and sometimes a dash or an underscore could be used. Typically, the username was made up of a person’s first initial and up to seven letters from the user’s last name. I’ve been “dkearns” on many systems since early in the 1980s. Usually there wasn’t anyone else on the system whose first initial was “D” and whose last name was “Kearns”. When that clash did arise, it was solved by using either a middle initial (e.g., dakearns) or adding an integer at the end (e.g., dkearns3).

With the rise of the Internet over the past dozen years, though, it’s rare to find a site that has only one “dkearns.” (I remember one site that suggested that, since “dkearns” was taken, I become “dkearns143.” Evidently, there were already a gross of dkearnses in use.) While some enterprises had gone on to use names of almost unlimited length (e.g., david-anthony-kearns-junior), this was a short-lived phenomenon. Typing in 20 to 30 characters before your morning coffee would lead to lots of user lockouts as misspelling resulted in “unknown user” errors three, four or five times in a row.

Proliferating Web sites, services and applications that require me to log on exacerbate the problem since each appears to support a different subset of the keyboard characters in various lengths (typically 6 to 20 letters) and almost all have already got one dkearns or another signed up.

Single sign-on, federated identity and passport-like functionality all promise that – sometime in the future – I’ll really only need to remember one username. For now, though, I’d just like to use the same username at most of the sites. I hate having to keep a spreadsheet listing all the username/password combinations. It slows me down and it’s insecure.

I like those sites that let you use an e-mail address as a username. Not only can I easily remember, but there’s no problem with duplication – e-mail addresses have to be unique, or the mail won’t get through. I wish more systems would use e-mail address as username, but the problem goes beyond the conventional thinking of those responsible for the site, since many applications, services and operating systems reserve the “@” character and don’t allow its use in a username. That’s too bad as it would alleviate a lot of the frustration factor (“hmm, don’t like dkearns, dakearns, dkearns3, dakearns3, davek, or dak3? Guess I’ll have to be zzdave06, then.”) when signing up with a new service. Not too many businesses can afford to antagonize potential clients or customers.

Still, using an e-mail address can lead to other problems. I’ll explore that in the next issue.