: Do user names used for login need to be unique? Assuming a non-commercial site where users login with a user name and pw, do I need to enforce unicity of usernames? Note: The db will use

@Yeniel560

You always need a unique identifier for user logins. Usually this is the username but you could, for example, use the email address or your "separate unique index". I wouldn't recommend using the latter in the login form, it makes logging in more difficult.

You cannot force two users with the same username to use different passwords. This is very insecure because if I am refused registration with a particular combination, I now have the login credentials for another user.

Vote Up Vote Down

@Heady270

A good way is to do this is have users login with email addresses and add a database field "nickname", which you set like "user3452" when the user registers and the user can change it to anything they want. But he still has to login with his email.

More users with the same username is a way to hell.

Vote Up Vote Down

@Pierce454

It would save a lot of trouble down the road it the user names are unique from the get-go.

Vote Up Vote Down

@Kevin317

It doesn't have to be unique. But if it's not it makes your life more difficult. Having a unique username means there is only one possible password for that username. If it's wrong, you don't have to go looking for another user with the same username to compare it to. It's gets really complicated when someone requests a missing password. How do you know who it is for? Email address? What if they don't use it anymore? Or forgot which one they used?

Recommendation: have unique logins. It's the best way to identify individuals.

Vote Up Vote Down

@Angie530

Do they have to be unique?

No.

Should they be unique?

Depends upon what you think should happen when two users with the same username and password both try logging in at the same time.

Vote Up Vote Down