As far as Facebook is concerned, your email is your ID. This is true for other social networks such as LinkedIn, and is slowly catching on with many other Web 2.0 services. It actually makes a lot of sense that your unique identifier (your “ID”) is your email: it’s unique by definition, it’s easy to remember, and most services need the email information anyway (for example, to send you a password reset) . So combining the ’email’ and ‘username’ fields makes a lot of sense.
Unlike in the past, where users frequently switched emails, we now have hotmail and gmail and personalized accounts that we can take with us when we change jobs or ISPs. Email is private (at least as private as snail mail) and if my bank is comfortable sending me alerts and other information via email, it’s definitely safe enough for the rest of us.
So if the email is meant to be the equivalent of your social security number or identification number (depending on which country you live in), how do we check that the email address we typed is free of typos? Most ID numbers have a check digit that acts as a checksum to make sure the ID was typed correctly. With email, we don’t have that, so you’re emailing the latest Vista joke to your coworker friend Bill Howards on the Vista team and it slips and the email goes to billg@ microsoft.com.
Or even worse, with gmail I received emails belonging to another Aviram who was too slow to catch aviram@gmail before me. Most of these wrong emails range from boring to funny, but today I received a purchase confirmation with the order number, the amount, and the last 4 digits of the CC number. Since I “own” the email associated with this account, which prevents me from logging into this guy’s account (having the eCommerce site send the password to “my” email due to my temporary amnesia) and redirect the order to another zip code that happens to be my house?
Sure, he would never do that to a fellow Aviram. But what happens when our possible future internet ID, our email, is mistyped in a government database and all our IRS information, special internet voting code and who knows what else is sent to our alternate identity, the guy? who lives next to us on the keyboard? Not good.
Receiving someone else’s order information is an obvious lesson for websites: be sure to verify the email address. Sending a test email and waiting for confirmation is a good security practice, as it not only confirms that the person typed their email address correctly, but also confirms that they didn’t enroll their mother-in-law in your wonderful daily prank service. for adults as payment. back for the last thanksgiving.
