The Design of Software (CLOSED)

A public forum for discussing the design of software, from the user interface to the code architecture. Now closed.

The "Design of Software" discussion group has been merged with the main Joel on Software discussion group.

The archives will remain online indefinitely.

Web-app user account?

What is the best method for loggin in a web app? User would fill up CompanyCode, UserCode and Password or unique AccountCode and Password only? My problem with the latter (2 fields) is the creation of account for other  users in the same company. And with the former, each user must remember the CompanyCode aside from his/her UserCode. Any suggestion/ideas is appreciated. Thanks.
Sunday, July 17, 2005
I prefer email address and password. Since some sites have stupid limitations on the usernames (and passwords), it can be hard to remember all your usernames.
Pythonic Send private email
Sunday, July 17, 2005
+1 for email and password

Generally you will need to have the user's email anyway, and since these are unique why not simply use this instead of an arbitrary username?
redeye Send private email
Monday, July 18, 2005
It depends what the site is for. If the users are going to interact with one another you may not want them to be identified via email address. That isn't to say that a username couldn't be a required data object but not be required for login, but you do need to think about these things.

Monday, July 18, 2005
Also consider whether it is ever a valid possibility for one of your users to want to have more than one account. I've lost count of the times i've needed more than one level of membership on some site (testing reasons maybe, research, sharing an account with someone, etc) and been told "user name already in use" because they've chosen email.
Andrew Cherry Send private email
Monday, July 18, 2005
I'd go for the email/password combination too, unless you can piggyback it on to some other system like Windows Authentication through the browser or MS passport (provided it isn't used for e-commerce or something else sensitive).
Colm O'Connor Send private email
Monday, July 18, 2005
Email definitely.

Is a password necessary?
son of parnas
Monday, July 18, 2005
son of parnas, it shouldn't be, for non-critical profile updates like newsletter subscription.

Only you and you know you have subscribed to the newsletter or mailing list. If some bot/elite-hacker logged in--all he can do is unsubscribe you. *gasp* Less email personalized to you? That's Never A Bad Thing(TM).

Most people don't want to remember a password for every little thing, try to keep that in mind. However there are times when password is critical--strong password even more so--it's not optional then.
Li-fan Chen Send private email
Tuesday, July 19, 2005

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
Powered by FogBugz