|
|
|
|
|
|
by DidYaWipe
361 days ago
|
|
|
So what? At worst, it's no worse. But by default, it's already way better. Why? Because all of our E-mail addresses are on thousands of spammers' lists. So if you hammer that list with a dictionary of popular passwords, you're going to get a bunch of compromised accounts right there. But even worse: When you force non-tech-savvy people to use their E-mail address as their ID, many are going to think they need to use their E-mail password as well. So now if one poorly-run site suffers a data breach, all of its users' E-mail addresses AND passwords are out there. Identity theft ahoy. Not to mention the loss of people's accounts when they change E-mail addresses; When Apple started requiring that Apple IDs be E-mail addresses, it created a massive problem of people having purchases scattered across multiple accounts because they'd create a new one when their E-mail address changed. After the outcry, Apple huffily declared that it wasn't going to let people consolidate their accounts. But back to the point: Allowing people to create a proper user ID as free-form text doesn't preclude them from using their E-mail address if they insist on doing so. But they should be encouraged not to. |
|
|