3 Replies Latest reply on Jan 22, 2014 12:33 PM by beverly

    Emails as account names a good idea?

    nsmith9110@gmail.com

      Currently programming a database for a mortgage company that has in excess of 30,000 records. Too avoid dupkicate user names I figured use the email address as the login. Is this a good idea or is there any type of problem that could arise from this later down the road? Thanks

        • 1. Re: Emails as account names a good idea?
          Mike Duncan

          I think it depends on the application. Especially if there is lots of existing data, then you might want to look closer at it. There are still lots of people, especially older people, that share one email address. It still might work for what you want though.

          • 2. Re: Emails as account names a good idea?
            DavidZakary

            This is going to be very dependant upon your user base - is it a small group within the company or are the owners of the 30,000 records logging in to update their own informaiton?

             

            Something else to consider is the ability to retrieve forgotten login information. You haven'e mentioned if the users are in a controlled environment or open-ended.

             

            If you're using a web deployment - IWP or Web Direct you may need to log in with a very generic account and build a log in system that will trap invalid logins and offer the opportunity to retrive lost credentials.

             

            At this point you're storing logins in the database somewhere for retrieval and creating additional security grief for yourself.

             

            In a controlled enviroment, where you know all of the users, why not consider external authentication - Active/Open Directory? This could make life a lot easier.

             

            Bottom line, you haven't provided quite enough info for us to make a good suggestion.

            1 of 1 people found this helpful
            • 3. Re: Emails as account names a good idea?
              beverly

              DZ has some great points!

               

              And of course this is NOT to be used as a primary key or such. If they need to change the email address, then you have just buried historical records....

               

              I like to have more that email address as valid login. You can provide a password and store encrypted, if necessary. And this also can be reset as needed (by user and/or admin - by script).

               

              Beverly