[What follows are some thoughts on usernames and identifiers. This was an extremely fun talk to put together. Many thanks as always to everyone who helped improve this talk including Chuck Mortimore and George Fletcher. – IG Sept 3 2019. If you don’t feel like reading everything, you check me out giving this talk at Identiverse in June of 2019.]
What I want to talk about
Usernames. They are the most forgotten, the most overlooked thing in our industry. They are, as we would say in the US, the “Gen X” of identity management. They show up; they do their job; they don’t get any credit. In fact, they do not get the same attention that their big brother “Password” and their little sister “Password-less” get. Instead, usernames do their job without thanks or recognition. But failing to pay attention to usernames can have major negative impacts to both B2B and B2C scenarios.
Why this talk?
Having been incredibly wrong about many things when it comes to identity, I have developed a habit: I like to re-examine my believes from time to time and make sure they are still valid. I like to root out the assumptions and the implicit principles, hold them up to the light, and see if they are correct.
Customer needs have driven me to think more about usernames. The very large program I am in the midst of at Salesforce has spurred this on as well.
But most of all – usernames are incredibly important, especially given how much use they get every day. And yet we don’t often talk about them.
5 Aspects of Usernames
There are 5 aspects of usernames that I’d like to discuss. These aspects overlap and, in the intersections, there are lessons to be learned.
Usernames:
- Are not a secret
- Must be classified as public data
- Must be memorable
- Must be unique
- Must be recoverable