[thelist] Usernames and Passwords

Bill Moseley moseley at hank.org
Tue May 1 12:01:46 CDT 2007


On Tue, May 01, 2007 at 05:32:04PM +0100, Lee Kowalkowski wrote:
> > Although Ebay could have remedied the situation by some better
> > application logic, the heart of the problem is that email addresses are
> > not unique over time.
> 
> Not unique in what way?  You can't duplicate an email address like you
> can't duplicate instances of cars (yet).  Ownership can be
> transferred, access can be shared, just like cars, but they are still
> unique things.  Usernames can change hands in a similar way.

Email addresses are unique at any moment, but are not unique over time.
And if you plan to keep data over time, well, they are not unique.

I just did a database conversion and even with a relatively small data
set (about 50,000 users) and there were about 50 duplicate email
address and nothing else (name, employer, city, state, address, phone,
zip code) matched.  Large ISPs recycle email addresses.  Just like
telephone numbers are often not unique -- ever get a new phone number
and start getting calls for someone else?

Passwords are not unique, although the odds of two people with the
same email selecting the same password are not good.

The other approach, would be to only allow one email address and
account to be active at the same time, but allow multiple email
addresses and not active accounts.  Not sure how to enforce that in
the database.


-- 
Bill Moseley
moseley at hank.org




More information about the thelist mailing list