A case of wrong email identity

As far as Facebook is concerned, your email is your identification. This is true for other social networks like LinkedIn, and little by little it is imposing itself on many other Web 2.0 services. In fact, it makes perfect sense that your unique identifier (your “ID”) is your email; it’s unique by definition, it’s easy to remember, and most services need the email information anyway (for example, to send you a password reset). So combining the fields ’email’ and ‘username’ makes a lot of sense.

Unlike in the past where users changed email frequently, we now have hotmail and gmail and custom accounts that we can take with us when we change jobs or ISPs. Email is private (at least as private as regular mail) and if my bank is comfortable sending me alerts and other information via email, it is definitely safe enough for the rest of us.

So if the email is meant to become the equivalent of your social security number or identification number (depending on the country you live in), how do we check that the email address we type does not contain any typographical errors? Most identification numbers have a check digit that acts as a checksum to make sure the identification is spelled correctly. With email, we don’t have that, so you’re emailing Vista’s latest prank to your co-worker friend Bill Howards on the Vista team and your finger slides and the mail goes to billg @ microsoft .com.

Or worse yet, with gmail I’ve been getting emails that belonged to some other Aviram that was too slow to pick up aviram @ gmail before me. Most of this wrong email ranges from boring to funny, but today I received a purchase confirmation with the order number, the amount, and the last 4 digits of the CC number. As I “own” the email associated with this account, preventing me from logging into this guy’s account (having the ecommerce site send the password to “my” email due to my temporary amnesia) and redirecting the order to another zip code that happens to be my home?

Sure, I would never do that to a fellow Aviram. But what happens when our possible future internet identification our email is misspelled in some government database and all the IRS information the special internet voting code and who knows what else is sent to our alternate identity, the guy? who lives next to us on the keyboard? Not well.

Receiving someone else’s order information is an obvious lesson for websites – be sure to verify the email address. Sending a test email and waiting for confirmation is a good security practice, as you are not only confirming that the person entered their email address correctly, but you are also confirming that they did not enroll their mother-in-law in your wonderful daily service. of jokes for adults as payment. back for the last thanksgiving.