Tuesday, October 20, 2015

What to use for login - username, email or phone number?

It seems trivial on the surface: pick a strategy and go with it. However, it can be useful to pause and think about your exact use case, as each of username, email and phone number has distinct pros and cons.

If you are developing a mobile app, phone number along with a one-time password is a good option to use for login. WhatsApp, Telegram and others use this strategy. The clear advantage is that most users have a phone number (people with tablets may not have a phone number), and a user does not have to remember a password. However, phone numbers can change often, especially if a user moves to a different city or country. As a result, a user can lose access to their account unless the app allows them to change phone numbers by some means. Moreover, a user's phone number may have previously belonged to someone else. This may result in a user getting access to someone else's account. Users may need to provide an email or an alternate phone number to help avoid these pitfalls.

Username along with a password is a good option both for mobile apps and web apps. A user can choose a unique username and a password. Now no user can access another user's account by accident as in the case of phone numbers, and the user does not lose access to their account as long as they remember the username and password. However, remembering usernames and passwords for all the different apps is hard. An email address or phone number would be required for username and password recovery. One big advantage of usernames is that users can try your app without providing their personal information, i.e. email or phone number. Also, the registration step can be really quick if users don't have to verify their email or phone number to start using the app or wait for a one-time password. Snapchat uses this strategy. At the time of registration it asks for username, password and email, but does not force you to verify the email before using the app. You can verify your email later (you may not have email set up on your phone) so that you can recover your account details in case you forget them.

For web apps, email along with a password is a good option. Emails should typically change less frequently than phone numbers. (Some people use the email from their ISPs and hence end up changing it frequently, but I suspect they are in a minority.) If emails are used, users don't need to remember a username, and an email is already unique, so a user does not have to spend time coming up with something unique as in the case of usernames. Recovery of account details with an email is also simple. However, it is a good idea to get a user to verify their email address. Some apps force users to complete this verification before giving them access to the app, which lengthens the registration process. On the other hand, if emails are not verified, you may end up in a situation where another user has created an account with your email address, and hence you cannot use that email address to create an account. Users on popular apps like Facebook often face this situation. Email with a password can also be used for mobile apps; however, it is useful to remember that a user may not have email set up on their phone and hence may not be able to verify their email right away, or access a one-time password.
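One way to keep the quick "verify later" registration without letting an unverified address lock out its real owner is sketched below. This is an added example, not code from the original post; the `AccountStore` class, its method names and the in-memory storage are hypothetical, and lowercasing the whole address is a simplifying assumption.

```python
import secrets


class AccountStore:
    """In-memory sketch (hypothetical): an email binds to an account only once verified."""

    def __init__(self):
        self.accounts = {}        # username -> {"email": str or None, "verified": bool}
        self.verified_owner = {}  # normalized email -> username (verified claims only)
        self.pending = {}         # verification token -> (username, normalized email)

    @staticmethod
    def normalize(email):
        # Assumption: addresses are compared case-insensitively.
        return email.strip().lower()

    def register(self, username, email):
        """Create the account immediately; return the token that would be emailed."""
        if username in self.accounts:
            raise ValueError("username taken")
        email = self.normalize(email)
        # Only a *verified* claim blocks registration; unverified ones do not.
        if email in self.verified_owner:
            raise ValueError("email already verified by another account")
        self.accounts[username] = {"email": email, "verified": False}
        token = secrets.token_urlsafe(32)
        self.pending[token] = (username, email)
        return token

    def verify(self, token):
        """Bind the address to whoever first proves control of the mailbox."""
        claim = self.pending.pop(token, None)
        if claim is None:
            return False
        username, email = claim
        if email in self.verified_owner:
            return False
        self.verified_owner[email] = username
        self.accounts[username]["verified"] = True
        # Drop the same address from every other (unverified) account and token.
        for name, acct in self.accounts.items():
            if name != username and acct["email"] == email:
                acct["email"] = None
        for stale in [t for t, (_, e) in self.pending.items() if e == email]:
            del self.pending[stale]
        return True

    def recovery_account(self, email):
        """Account recovery is offered only for a verified address."""
        return self.verified_owner.get(self.normalize(email))
```

Accounts that lose an unverified address keep working through username and password, so the quick-start benefit of usernames is preserved.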