Just a number. Remember ICQ? They simple had a number increasing for each new registered account. I mean, if the users still get to set an arbitrary display name, then just give everyone a number as user„name“. Sorted by registration date, this would be the most fair process.

And then yes, there is no validation that someone named „@verge“ is really from TheVerge – simply because there is no such name, and users just need to tell people that 3728348 is their handle. Like a phone number. Unique, easy, fair.

Any string that isn't taken.

That sounds like more effort for the user: now they have to remember some random string in addition to their email address.

If every website did this, no one will ever sign up.

Why would it be "in addition to" their E-mail address? And do you have a problem remembering your E-mail address? I don't understand your objection here at all.

Not to mention, I said ANY string; that could be your E-mail address if you want it to be.

Finally, your assertion about "any Web site that did this" is absurd, since a huge number of (probably even most) forums are powered by software that requires you to specify a user ID that doesn't have to be an E-mail address.

Implying that one would remember their email address but would forget the 2nd item for identity. Combining email address with another string to create a unique ID isn't the answer either. Any combination of string+salt can be broken. What we are getting at is that it shouldn't be on the user to have to remember yet another identifier for XYZ website or service. We already have the concept of usernames, email address are somewhat unique, and you can suffix numbers like they do. If you really want unique ID's, decouple login from your identifier. On Steam, people login with their username or email address, not their Steam ID. For some, their Steam ID is 9999999999999999 long. For others it's 99999999 long. It all depends on when you joined Steam.

I've never seen a site that used legitimate IDs but offered no way to recover them. If you forget your ID, you can have it sent to your E-mail address.

I also said that users COULD use their E-mail addresses if they wanted to. An E-mail address is a string, and I said "any string." I mean you yourself pointed out, "On Steam, people login with their username or email address"

So what's the problem?

> Why would it be "in addition to" their E-mail address?

Because they already have to remember their email address for other things, like to give it to people, to log into LinkedIn, etc.

Now you want to give them another piece of information that they must remember in order to log in?

I already said that they COULD use their E-mail address if they wanted to. I said ANY STRING. What is the problem?

You do realize that millions of Web sites, including every financial institution's (that I've ever seen, anyway) let (or require) users set up legitimate IDs that are separate from their E-mail addresses, right? Or is this news to you?

Millions of forums based on PHPBB alone use proper user IDs instead of forcing users to use an E-mail address. That's just one open-source forum system: https://www.phpbb.com/community/viewtopic.php?t=546501

If you want more info on why E-mail addresses are a stupid user ID: https://goldmanosi.blogspot.com/2012/06/forcing-people-to-us...