I think it depends on the application. Especially if there is lots of existing data, then you might want to look closer at it. There are still lots of people, especially older people, that share one email address. It still might work for what you want though.
1 of 1 people found this helpful
This is going to be very dependant upon your user base - is it a small group within the company or are the owners of the 30,000 records logging in to update their own informaiton?
Something else to consider is the ability to retrieve forgotten login information. You haven'e mentioned if the users are in a controlled environment or open-ended.
If you're using a web deployment - IWP or Web Direct you may need to log in with a very generic account and build a log in system that will trap invalid logins and offer the opportunity to retrive lost credentials.
At this point you're storing logins in the database somewhere for retrieval and creating additional security grief for yourself.
In a controlled enviroment, where you know all of the users, why not consider external authentication - Active/Open Directory? This could make life a lot easier.
Bottom line, you haven't provided quite enough info for us to make a good suggestion.
DZ has some great points!
And of course this is NOT to be used as a primary key or such. If they need to change the email address, then you have just buried historical records....
I like to have more that email address as valid login. You can provide a password and store encrypted, if necessary. And this also can be reset as needed (by user and/or admin - by script).