configuration to set username optional during signup

Hello,

I am quite new to rails and I am implementing authlogic as authentication system in my first project.

I want to have username optional during signup, is there any configuration options to set this?

I just want to have email & password during signup…

Thanks,
Madhu

Leaving aside all the Ruby, Rails, authlogic, and so forth
questions... I advise you not to do this. It means you're using email
addresses as the primary person-identifier (as opposed to ID in the
database, which I ass-u-me will be numeric). That's perfectly fine
from a technical point of view, but not for user convenience.

People often have multiple email addresses. People change email
addresses, for numerous reasons. People leave sites for a long time,
try to come back, and forget what email address they used when they
signed up. Been there, done that, couldn't log in to get the T-shirt.

But they usually have a preferred username. (Maybe two, one for
places that insist on "real" names and one for everything else. Plus
maybe variations, if someone beat them to their preferred name, or
some benighted site insists on very short usernames.) They may go
away for a while and come back, and their "old" user ID will be
obvious to them, at least after a small number of tries.

Also, before people know your site well enough to trust it, they may
be reluctant to reveal an email address. They will probably not,
however, have any problems telling you what username they want to use.

-Dave

I'd suggest the OP research this point, then, because my personal
opinion is diametrically (and vehemently) opposed to yours. :slight_smile:

In general I *despise* being asked to pick a "username". My email
address uniquely identifies me, and that should be good enough.
(Yes, I have more than one, but only a couple that are used for the
purpose under discussion.)

YMMV!

Hassan Schroeder wrote:

Marnen Laibow-Koser wrote:

I agree with Hassan here. I actually don't *mind* being asked to pick a
username, but e-mail address should be fine. On a site I don't use
much, I'm less likely to forget my e-mail address than an arbitrary
username.

What happens when the user doesn't remember their password?

Site designers often assumes the user has access to the email address
used to setup the account. The site will then send a password reset link
to that email address. Oops, now the user has a problem, since they may
have no way to access a cancelled email account.

At this point the chances are probably greater that the user will
abandon using your site over going though the hassle of trying to
convince you that they are who they say they are. And you may have no
way to prove that they are who they say they are.

Just make sure you provide alternate means of resetting passwords than
simply using the email address used to sign up.

We really need to migrate away from the username/password INSANITY. Work
is being done to resolve this, but we have a long way to go. OpenID,
OAuth, etc. are the path forward. Let all help to get there so we can
get out of this username/password hell.

Robert Walker wrote:

Marnen Laibow-Koser wrote:

I agree with Hassan here. I actually don't *mind* being asked to pick a
username, but e-mail address should be fine. On a site I don't use
much, I'm less likely to forget my e-mail address than an arbitrary
username.

What happens when the user doesn't remember their password?

Site designers often assumes the user has access to the email address
used to setup the account. The site will then send a password reset link
to that email address. Oops, now the user has a problem, since they may
have no way to access a cancelled email account.

That is true whether or not the e-mail address is the username. In
fact, I'd argue that if you're typing your e-mail address as the
username all the time, you're *more* likely to keep it current.

[...]

We really need to migrate away from the username/password INSANITY.

What insanity? What the heck is wrong with the current system, other
than that it's worked for decades and can no longer be considered shiny
and new? What problems are there that need fixing, in your opinion?

Work
is being done to resolve this, but we have a long way to go. OpenID,
OAuth, etc. are the path forward.

Not really; they solve different problems. OpenID is basically SSO, and
OAuth appears to be mainly for API authentication (and annoying
developers :slight_smile: ). Neither provides a general solution.

Let all help to get there so we can
get out of this username/password hell.

I'm not in hell. Why are you?

Best,

The fact that I have to remember 145 username/passwords is a bit of an
issue. Many of the non-critical ones are the identical, but even so
it seems there aught to be a better way.

Colin

Colin Law wrote:

Robert Walker wrote:

[...]
We really need to migrate away from the username/password INSANITY.

What insanity? �What the heck is wrong with the current system, other
than that it's worked for decades and can no longer be considered shiny
and new? �What problems are there that need fixing, in your opinion?

The fact that I have to remember 145 username/passwords is a bit of an
issue. Many of the non-critical ones are the identical, but even so
it seems there aught to be a better way.

OK, fair enough. And that's one reason to use an e-mail address as
username: you're less likely to forget it. This may also be where an
SSO solution like OpenID comes in handy.

Colin

Best,