Hello,
I am quite new to rails and I am implementing authlogic as
authentication
system in my first project.
I want to have username optional during signup, is there any
configuration
options to set this?
I just want to have email & password during signup…
Thanks,
Madhu
On Wed, Aug 11, 2010 at 18:46, Madhu [email protected] wrote:
I want to have username optional during signup, is there any configuration
options to set this?
I just want to have email & password during signup…
Leaving aside all the Ruby, Rails, authlogic, and so forth
questions… I advise you not to do this. It means you’re using email
addresses as the primary person-identifier (as opposed to ID in the
database, which I ass-u-me will be numeric). That’s perfectly fine
from a technical point of view, but not for user convenience.
People often have multiple email addresses. People change email
addresses, for numerous reasons. People leave sites for a long time,
try to come back, and forget what email address they used when they
signed up. Been there, done that, couldn’t log in to get the T-shirt.
But they usually have a preferred username. (Maybe two, one for
places that insist on “real” names and one for everything else. Plus
maybe variations, if someone beat them to their preferred name, or
some benighted site insists on very short usernames.) They may go
away for a while and come back, and their “old” user ID will be
obvious to them, at least after a small number of tries.
Also, before people know your site well enough to trust it, they may
be reluctant to reveal an email address. They will probably not,
however, have any problems telling you what username they want to use.
-Dave
–
Specialization is for insects. -RAH | Have Pun, Will Babble! -me
Programming Blog: http://codosaur.us | Work: http://davearonson.com
Leadership Blog: http://dare2xl.com | Play: http://davearonson.net
On Thu, Aug 12, 2010 at 6:59 AM, Dave A.
[email protected] wrote:
On Wed, Aug 11, 2010 at 18:46, Madhu [email protected] wrote:
I just want to have email & password during signup…
… I advise you not to do this. It means you’re using email
addresses as the primary person-identifier (as opposed to ID in the
database, which I ass-u-me will be numeric). That’s perfectly fine
from a technical point of view, but not for user convenience.
I’d suggest the OP research this point, then, because my personal
opinion is diametrically (and vehemently) opposed to yours. 
In general I despise being asked to pick a “username”. My email
address uniquely identifies me, and that should be good enough.
(Yes, I have more than one, but only a couple that are used for the
purpose under discussion.)
Hassan S. ------------------------ [email protected]
twitter: @hassan
Hassan S. wrote:
On Thu, Aug 12, 2010 at 6:59 AM, Dave A.
[email protected] wrote:On Wed, Aug 11, 2010 at 18:46, Madhu [email protected] wrote:
I just want to have email & password during signup…
… I advise you not to do this. �It means you’re using email
addresses as the primary person-identifier (as opposed to ID in the
database, which I ass-u-me will be numeric). �That’s perfectly fine
from a technical point of view, but not for user convenience.I’d suggest the OP research this point, then, because my personal
opinion is diametrically (and vehemently) opposed to yours.In general I despise being asked to pick a “username”. My email
address uniquely identifies me, and that should be good enough.
I agree with Hassan here. I actually don’t mind being asked to pick a
username, but e-mail address should be fine. On a site I don’t use
much, I’m less likely to forget my e-mail address than an arbitrary
username.
Marnen Laibow-Koser
http://www.marnen.org
[email protected]
Robert W. wrote:
Marnen Laibow-Koser wrote:
I agree with Hassan here. I actually don’t mind being asked to pick a
username, but e-mail address should be fine. On a site I don’t use
much, I’m less likely to forget my e-mail address than an arbitrary
username.What happens when the user doesn’t remember their password?
Site designers often assumes the user has access to the email address
used to setup the account. The site will then send a password reset link
to that email address. Oops, now the user has a problem, since they may
have no way to access a cancelled email account.
That is true whether or not the e-mail address is the username. In
fact, I’d argue that if you’re typing your e-mail address as the
username all the time, you’re more likely to keep it current.
[…]
We really need to migrate away from the username/password INSANITY.
What insanity? What the heck is wrong with the current system, other
than that it’s worked for decades and can no longer be considered shiny
and new? What problems are there that need fixing, in your opinion?
Work
is being done to resolve this, but we have a long way to go. OpenID,
OAuth, etc. are the path forward.
Not really; they solve different problems. OpenID is basically SSO, and
OAuth appears to be mainly for API authentication (and annoying
developers ). Neither provides a general solution.
Let all help to get there so we can
get out of this username/password hell.
I’m not in hell. Why are you?
Best,
–Â
Marnen Laibow-Koser
http://www.marnen.org
[email protected]
Sent from my iPhone
Marnen Laibow-Koser wrote:
I agree with Hassan here. I actually don’t mind being asked to pick a
username, but e-mail address should be fine. On a site I don’t use
much, I’m less likely to forget my e-mail address than an arbitrary
username.
What happens when the user doesn’t remember their password?
Site designers often assumes the user has access to the email address
used to setup the account. The site will then send a password reset link
to that email address. Oops, now the user has a problem, since they may
have no way to access a cancelled email account.
At this point the chances are probably greater that the user will
abandon using your site over going though the hassle of trying to
convince you that they are who they say they are. And you may have no
way to prove that they are who they say they are.
Just make sure you provide alternate means of resetting passwords than
simply using the email address used to sign up.
We really need to migrate away from the username/password INSANITY. Work
is being done to resolve this, but we have a long way to go. OpenID,
OAuth, etc. are the path forward. Let all help to get there so we can
get out of this username/password hell.
On 12 August 2010 23:08, Marnen Laibow-Koser [email protected]
wrote:
Robert W. wrote:
[…]
We really need to migrate away from the username/password INSANITY.What insanity? What the heck is wrong with the current system, other
than that it’s worked for decades and can no longer be considered shiny
and new? What problems are there that need fixing, in your opinion?
The fact that I have to remember 145 username/passwords is a bit of an
issue. Many of the non-critical ones are the identical, but even so
it seems there aught to be a better way.
Colin
Colin L. wrote:
On 12 August 2010 23:08, Marnen Laibow-Koser [email protected]
wrote:Robert W. wrote:
[…]
We really need to migrate away from the username/password INSANITY.What insanity? �What the heck is wrong with the current system, other
than that it’s worked for decades and can no longer be considered shiny
and new? �What problems are there that need fixing, in your opinion?The fact that I have to remember 145 username/passwords is a bit of an
issue. Many of the non-critical ones are the identical, but even so
it seems there aught to be a better way.
OK, fair enough. And that’s one reason to use an e-mail address as
username: you’re less likely to forget it. This may also be where an
SSO solution like OpenID comes in handy.
Colin
Marnen Laibow-Koser
http://www.marnen.org
[email protected]
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs