A note to web application designers

Just wanted to rant a second about a pet peeve of mine. Web app designers, listen up. OK, that’s melodramatic, barely any read here, but I just want to vent.

Do not ever use an email address in place of a username for system login. Yes, email addresses are easy to remember. Yes, many people only have a small amount, or one only. Yes, they are unique. But let’s face it, spam is a problem. Many people use one-to-one email systems like sneakemail or spamgourmet to prevent leakage of their real address to spammers. I rely heavily on the free sneakemail service, and therefor have addresses like 123dkjds at sneakemail.com with all my accounts. This poses a problem when I try to log into a site that uses my email address as my username. I can easily remember my username, or a variation of it. However, I cannot remember 123dkjds at sneakemail.com. As a result, I either have to check the login every time, or store all my logins in my browser form management tools. Am I OK with my browser remembering my login to some random comments forum? Yes. Do I want my Amazon login stored? No way.

One possible way out is to edit my keychain entries to hold my web form logins to sensitive sites, but manually edit the password field to hold a bogus password such as the number 1. Forms that use a typical password entry without javascript simply replace each password character with an ‘*’, so the single character would be easy to identify. It’s annoying because then Safari will also prompt me to resave the login info, to which I’ll always have to click “Not now”. I suppose that’s a minor annoyance.

—May 09, 2005