Advanced Notes

Advanced note on email reuse

Another alternative is to let users create multiple accounts with the same email address. You can then try to train them that to control which account they access, they must login using the same steps. For example, you could try to train the user Frank to remember the following:

  • On website cooldocs.com I can access one account when I log in with my frankbrown@yahoo.com address and password.

  • On website cooldocs.com I can access a different account when I log in by pressing the Google Accounts button if I am using my Google Account with my frankbrown@yahoo.com address.

  • On website cooldocs.com I can access a third account when I log in by pressing the Facebook button if I am using my Facebook account with my frankbrown@yahoo.com address.

That is too much for users to understand. Even if they could partially understand it, after they login, they need a way to tell which of the accounts they are using. Displays the users email address will not be enough to help them differentiate. It would be simpler to not support federated login then to create that situation.

Advanced note on usernames

Another option is that you can ask users to select a username that is unique to your website, but it is hard for end users to remember the different usernames they have registered on websites, and it becomes even more confusing if they have to remember which identity (work, personal, etc.) it maps to.

For example, imagine the user Sara has to remember the following:

  • On website cooldocs.com I am username “Sara” when I log in with my sarasmith@gmail.com address and password.

  • On website cooldocs.com I am username “Sara2” when I log in by pressing the Twitter button if I am using my Twitter account with my sarasmith@gmail.com address

  • On website cooldocs.com I am username “SaraWork” when I log in by pressing the Google Apps button and enter acmeco.com and then login to Acme with my ssmith@acmeco.com work account

That is too much for users to understand. It would be simpler to not support federated login then to create that situation.