How to Screw-Up Your Web2 Application

If I were a marketing guy, I would keep you in suspense right up to the end of this post.  I would waffle on for ages about how and why I'm going to tell you "the secret," and what a super guy I am for letting you in on this.

But I'm a programmer, and time is precious.  All over the web I see this particular piece of egregious stupidity:

Apps that use email addresses as user-ids.

I strongly advise against the use of email addresses as login ids.  Consider the following 2 common cases:

1. The user changes their email address (due to changing provider or whatever). 
2. A user leaves the community.  Months/years later another user joins; they have the same email address as the old user, but are not the same person.  Are you going to refuse them entry?

In the former case, if you allow them to change their login to correspond to their new email address, you lose the trail of what they've done over time, since you've essentially changed their identity.

Worse, yet, if you're doing any kind of app that allows the user to build up a history, karma points, reputation, whatever, since you force them to throw away their entire investment in your site.  They may as well go elsewhere.  That history took the user time, energy and effort to build, and constitutes your only real barrier to entry against competitors who want to eat your userbase.

In Summary:

A login-id is an identity.  An email address is not an identity.  It is an address.