Allowing e-mail address to be a username

[jimchicago]

Hi, I finally took the time to learn how to use BV's member-signup and secure-login tools to create a password-protected members' area of a web site.

So far it works fine, but once I "go live" with it, what if someone wants to use an e-mail address as their username? When I try to create an account using an e-mail address, I get the message, "Username is not valid. Please re-check and try again." Can I somehow modify the form to allow usernames with "@" in them? I assume that one character is the "sticking point" . . . yes? THANK YOU.

[Vasili]

No. The script has been specially written to provide the security and hack-resistant measures required to functionalize such a competent feature.

Your wish to include such an ability to allow a functional symbol is out of normal parameters as far as internet protocol and traditional manner, and exceeds Visitor expectations as well, as for the most part they are quite accepting of what is a universiality and a doubly beneficial security measure that is present across the web already. Only the very naieve do not understand it as a means to keep their email address more private by not offering it to a open view by using it as a User name.

[jimchicago]

Thanks Vasili for your prompt reply. I kinda thought the answer might be no, although I do see more than a few sites that allow (or even direct) the would-be member to use an e-mail address as his or her login ID.

Quick follow-up question: If I send to my site's members an e-mail containing links to pages in the members' area of the site, and they click one of these links, I assume they will have to log into the members' area just as if they were trying to enter it from a public page of the site. True? And if so, would you say this practice also is widespread on the web today? THANKS.

[Vasili]

Thanks Vasili for your prompt reply. I kinda thought the answer might be no, although I do see more than a few sites that allow (or even direct) the would-be member to use an e-mail address as his or her login ID. This is improperly being perpetuated (as said earlier) by those that either do not respect the security of their client's identity or who do not realize that one of the first steps to creating an exploitation is to spoof an identity to gain access: part of registering is to enter an email address, so there is no compelling need to urge Users to enter an email address as User Name, it it already in the databse files; scouring programs will spoof an email address if User-name enabled and then run a simple stacking program to crack the password, which is in truth the easiest part. So, no, there are not "more than a few" reputable sites still practicing this by format, only those yet insulated by ignorance or arrogance.

Quick follow-up question: If I send to my site's members an e-mail containing links to pages in the members' area of the site, and they click one of these links, I assume they will have to log into the members' area just as if they were trying to enter it from a public page of the site. True?
Correct.
And if so, would you say this practice also is widespread on the web today? Not really .... the better results are gained (deeper relationships with a customer base, greater overall page visits/conversion, more import, etc.) by a more refined invitation, cleverly composed to present a compelling opportunity. Most of the time, members are emailed openly with an announcement or offer as body of the email, and it is customary to give a few small announcements or invitations to visit the Member area, but for the most part there is no need to distribute a link to a specific page within the Member area: it is enough to get people delivered to the Login page itself (and to see the updated ads, offers, or invitations). Broadcasting a "protected link" only offers another opportunity for hacks to follow up and analyze for possible breach, so asking Customers to merely Login to a "Special Area" for a Special Offer or update is not only more professional, it is more secure. Thus it is best to provide a link to the Main Login Page where you present the opportunity to Register and have 'announcements' of current items/offers/reasons to Login or Register.... especially knowing how people share links or forward Newsletters and Coupons: prepare to have new "Users" register easily, since others are spreading the word for you (letting your marketing emerge as viral). Meet and Greet Everyone (New and Familiar) Equally ...

Agree?

[jimchicago]

Wow . . . thank you for all that, Vasili. I'm glad I asked about this, as I had no idea of the security risks posed by email-addresses-as-usernames, and you clearly have a point of view on it(!) . . . and yes, I agree with it.

I can see how it's more secure to have members go from one of my e-mails to the login page for the members' area. The site owner (or person in charge of the members' area) just needs to be sure that after members log in, the page they land on clearly reflects the e-mail from which they clicked thru. For example:

- If this week's email to members includes summaries of articles A, B, and C, then the post-login landing page must have--"above the fold"--prominent links to the full text of A, B, and C.

- If NEXT week's email to members summarizes articles D, E, and F, then the landing page must have (by next week) prominent links to them "above the fold"--and above the links to A, B, and C.

Is this an example of the structure you recommend(ed)?

[Vasili]

That works ... as would be seen on a Wordpress or CMS site with their "Archives" being newest on top.

I was composing more from the perspective that I know you are building sites primarily for restaurants, pubs, and the like, thinking that there would be distributables for a more Loyalty-Based Member Area, not just for Special Offers, Coupons, or Articles. And if you were getting on the wagon by merging Social Media marketing with the email campaigns, being the initial point of origin, actually, thus the attention span is shorter for those SM Customers that expect some more explanation or pre-qualification prior to actually visiting the site ....

But yes .... having a separate Login/Registration page in the Public Area of the Main Site is important, and to include snippet ads or announcements is a graphical invitation to entice newcomers to register as much as it is an quick visual invitation to Members of what to expect inside (what is new and updated). In any event, the links from each will still need to direct to either the index page in the protected directory or to a specific page beyond the Login .... whichever is most logically feasible according to your needs and that which can best efficiently managed without becoming a burden (which is easier, to create a new page for each or to update a splash page at the same time?).

There is simply too much to get into here .... I think you get the drill though. Your originally posted question has been answered more than fully, I think.