« Cybersecurity mystery | Main | The Merck Covid-19 pill: is the result statistically significant? »


Feed You can follow this conversation by subscribing to the comment feed for this post.


Emails addresses are less likely to be forgotten than user names.

Email addresses can be used for marketing, or sold if a company goes belly up. Usernames are less valuable in that way.

Mirek Długosz

Again, I am not an expert.

I am not sure if requiring email address has much to do with security. Perhaps you can make a case for arbitrary username as being more secure, but I am not aware of any serious discussion about this.

Instead, preference for email addresses over arbitrary user names has much to with user experience.

Many websites require users to confirm account creation. Usually this is done by clicking a link sent over an email. So for these websites, email address is already mandatory information. There's no point in asking for second mandatory information that basically serves the same purpose.

Most people already have an email account, and usually they remember it. But not everyone has their own preferred username. So forcing people to come up with some username while creating account can actually be the most difficult part of entire process. I think this might apply especially to older folks, who don't really have a concept of "user name" and who might default to putting in their legal names. Which might be disastrous if user names are publicly available (as they usually are).

Then, usernames are specific to each site. Most websites don't clean up unused accounts. Chances of my preferred username being already taken are constantly increasing. So often user is effectively forced to create some unique variation of their preferred username, or come up with something completely new, and remember what exactly they have used for each site. This is hard, similar to how coming up with unique password for each website is hard.

And finally, user names simply do not make any sense for multiple websites and they were introduced only because everyone else on the web was doing them. Many websites are interface between user and service provider (all online shops) or they primarily serve the user himself (all the web apps; these are the things that 20 years ago you would install on your computer). Many social media websites will require, or at least gently push you towards using legal first and last name. For all these websites, username does not serve any tangible purpose.


The email address is effectively a second auth factor, because it's something you own. They can send a token to that email and know that only you will know its value.

The comments to this entry are closed.

Get new posts by email:
Kaiser Fung. Business analytics and data visualization expert. Author and Speaker.
Visit my website. Follow my Twitter. See my articles at Daily Beast, 538, HBR, Wired.

See my Youtube and Flickr.


  • only in Big Data
Numbers Rule Your World:
Amazon - Barnes&Noble

Amazon - Barnes&Noble

Junk Charts Blog

Link to junkcharts

Graphics design by Amanda Lee

Next Events

Jan: 10 NYPL Data Science Careers Talk, New York, NY

Past Events

Aug: 15 NYPL Analytics Resume Review Workshop, New York, NY

Apr: 2 Data Visualization Seminar, Pasadena, CA

Mar: 30 ASA DataFest, New York, NY

See more here

Principal Analytics Prep

Link to Principal Analytics Prep