Well it's up to you! I've used both, to me email seems better. You can create a script that pings the email to see if it's real and you can just send a quick verification script to double check!

Depends on the business - if it has anything to do with financials, money, etc, I would not recommend it. Because the site is already half cracked - people know the user name.

You could potentially put a check mark beside the input box stating 'Use my email address as my username' and let the user decide.

-Corey

thanks for your replies.

i think i am going to ask for both a username and a password as corey suggests.

I don't use usernames. I'm stuck when it comes to logins. I pass a super random string through orders email, cookies and email conversations and it keeps me really well connected to the customers.. Personally, I hate having to remember any credentials for a website so I've built the site for a customer like myself.

But I guess my next problem will be how to I offer very frequent customers a way to easily log in and get preferred treatment/prices etc? I'd probably go with email but I'm not going to like it.

I forget what email I use all the time for certain things.

later on the real johnsmith@yahoo.com comes along and wants to sign up. yet he is prevented from doing this because my database already has an entry under this email address!

You can put a statement, "That username/email appears to be taken. If this is your username/email, then please use the password recovery link/function". They then just verify the email address, and the system sends the password to the email on file which is the username. They then can login and change it if they want to. That way, it is simplified, and unless the 'poser' has access to the 'real' user's email account, they can never actually do anything with it.

We use email address as the username, it is one less thing for people to remember. Also, not to be too liberal, BUT, what are the chances that someone will actually register a username that then tries to buy from you. Pretty slim. I would't waste a lot of effort planning for that scenerio. Plan and program for the 99%.

As long as the username/email addy are PRIVATE, as in viewable to the individual customer only, it is useful and convenient! I truly hate having usernames and passwords galore all over the internet.
On the other hand, if you will ever add features like a user forum, or anything else where others' usernames will be visible to other customers, you run into problems of the names being harvested by spammers. Even the PERCEPTION that this might happen somehow is a big potential turnoff to would-be customers.

Amazon.Com uses email addresses for logins.

Our problem however is that a fair number of hotmail / ISP based email addresses expire over a period of time, so we prefer to stay away from using the email address as the login name.

Of course you need to check those addresses, by sending a validation code there that the user then enters on the web site. Failing to do so within a few days will cause the registration attempt to be dropped.

i think i am going to ask for both a username and a password as corey suggests.

Um, so you actually considered to *not* require a password?