Wandering Thoughts archives

2023-12-30

Email addresses are not good 'permanent' identifiers for accounts

Every so often someone needs to create a more or less permanent internal identifier in their system for every person's account. Some of the time they look at how authentication systems like OIDC return email addresses among other data and decide that since pretty much everyone is giving them an email address, they'll use the email address as the account's permanent internal identification. As the famous saying goes, now you have two problems.

The biggest problem with email addresses as 'permanent' identifiers is that people's email addresses change even within a single organization (for example, a university). They change for the same collection of reasons that people's commonly used names and logins change. An organization that refuses to change or redo the email addresses it assigns to people is being unusually cruel in ways that are probably not legally sustainable in any number of places.

(Some of the time there will be some sort of access or forwarding from the old email address to the new one, but even then the old email address may no longer work for non-email purposes such as OIDC authentication. And beyond that, the person won't want to keep using their old and possibly uncomfortable email address with you; they want to use their new current one.)

The lesser problem is that you have no particular guarantee that an organization won't reuse email addresses, either in general or for particularly desirable ones that get reused or reassigned as an exception because someone powerful wants them. Sometimes you sort of have no choice, because account recovery has to run through the email address you have on file, but at other times (such as in theory with OIDC), you have some form of internal ID that is supposed to be unique and permanent, which you should use.

Even if you have to remember an email address for account recovery, you want your internal identifier for accounts to be meaningless. This will make your life much simpler in the long run, even if this is never exposed to people.
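As an added illustration (not code from the original entry), here is a small account store that keys accounts on a random internal ID and looks them up by the OIDC issuer and subject, treating the email address as a mutable attribute. It assumes the ID token has already been validated and that the identity provider's permanent ID is the standard `iss` and `sub` claim pair; `AccountStore`, `demo`, the issuer URL and the claim values are all constructed for the example.

```python
import uuid

ISS = "https://idp.example.edu"  # constructed issuer URL


class AccountStore:
    def __init__(self):
        self.accounts = {}    # internal_id -> mutable profile attributes
        self.by_subject = {}  # (iss, sub) -> internal_id

    def login(self, claims):
        """Map ID-token claims (assumed already validated) to an internal account ID."""
        key = (claims["iss"], claims["sub"])
        internal_id = self.by_subject.get(key)
        if internal_id is None:
            internal_id = str(uuid.uuid4())  # random, meaningless identifier
            self.by_subject[key] = internal_id
            self.accounts[internal_id] = {}
        # The email is only an attribute; refresh it on every login.
        self.accounts[internal_id]["email"] = claims.get("email")
        return internal_id


def demo():
    store = AccountStore()
    # Constructed claims: the same person before and after an address change.
    first = store.login({"iss": ISS, "sub": "sub-1001", "email": "a.smith@example.edu"})
    renamed = store.login({"iss": ISS, "sub": "sub-1001", "email": "a.jones@example.edu"})
    # A different person is later assigned the old address.
    newcomer = store.login({"iss": ISS, "sub": "sub-2002", "email": "a.smith@example.edu"})
    return store, first, renamed, newcomer


if __name__ == "__main__":
    store, first, renamed, newcomer = demo()
    print("same account after email change:", first == renamed)
    print("reused address gets a new account:", newcomer != first)
    print("current email on file:", store.accounts[first]["email"])
```

Had the store been keyed on the email address, the address change would have orphaned the first account and the reassigned address would have handed it to the newcomer.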

(There are also security issues lurking in the underbrush of reading too much into email addresses, cf (via).)

tech/EmailAddressesBadPermanentIDs written at 23:22:46;

