A case of mistaken email identity

As far as Facebook is concerned, your email is your ID. This is true for other social networks such as LinkedIn, and is gradually being imposed on many other Web 2.0 services. It actually makes perfect sense for your unique identifier (your “ID”) to be your email: it’s unique by definition, it’s easy to remember, and most services need the email information anyway (for example, to send you a password reset). So combining the ‘email’ and ‘username’ fields makes a lot of sense.

Unlike in the past, when users switched email addresses frequently, we now have Hotmail and Gmail and personalized accounts that we can take with us when we change jobs or ISPs. Email is private (at least as private as regular mail), and if my bank is comfortable sending me alerts and other information via email, it’s definitely secure enough for the rest of us.

So if the email is meant to be the equivalent of your social security number or identification number (depending on the country you live in), how do we check that the email address we typed in doesn’t contain typos? Most ID numbers have a check digit that acts as a checksum to make sure the ID was typed correctly. With email, we don’t have that, so when you email the latest Vista joke to your friend and co-worker Bill Howards on the Vista team, your finger slips and the email goes to billg@microsoft.com.

Or worse, with Gmail I received emails belonging to another Aviram who was too slow to catch aviram@gmail before me. Most of these wrong emails range from boring to fun, but today I received a purchase confirmation with the order number, amount, and the last 4 digits of the CC number. Since I “own” the email associated with this account, what prevents me from logging into this guy’s account (having the e-commerce site send the password to “my” email due to my temporary amnesia) and redirecting the order to another zip code that happens to be my home?

Sure, he would never do that to a fellow Aviram. But what happens when our possible future Internet ID, our email, is mistyped into some government database and all of our IRS information, special Internet voting code and who knows what else is sent to our alternate identity, the guy who lives next to us on the keyboard? Not good.

Receiving someone else’s order information is an obvious lesson for websites: be sure to verify the email address. Sending a test email and waiting for confirmation is a good security practice, as it not only confirms that the person entered their email address correctly, but also confirms that they did not sign up your mother-in-law for your wonderful daily prank service.
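
A minimal sketch of the confirmation step described above, added here as an illustration and not taken from any site the post mentions. The `Registry` class, its method names, the 24-hour token lifetime and the example.com address are assumptions; the point is that order details and password resets are withheld until the address owner has clicked the mailed link.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 24 * 3600  # assumed lifetime of a confirmation link, in seconds


def _norm(email):
    # Simplified normalisation for this example only.
    return email.strip().lower()


class Registry:
    """In-memory stand-in for a site's account table (constructed for this example)."""

    def __init__(self):
        self.pending = {}      # email -> (sha256 of token, expiry timestamp)
        self.verified = set()  # addresses whose owner has confirmed

    def register(self, email, now=None):
        """Record an unconfirmed address; return the token to mail to it."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[_norm(email)] = (digest, now + TOKEN_TTL)  # store only the hash
        return token

    def confirm(self, email, token, now=None):
        """Mark the address verified if the token matches and has not expired."""
        now = time.time() if now is None else now
        entry = self.pending.get(_norm(email))
        if entry is None:
            return False
        digest, expiry = entry
        candidate = hashlib.sha256(token.encode()).hexdigest()
        if now > expiry or not hmac.compare_digest(digest, candidate):
            return False
        del self.pending[_norm(email)]  # tokens are single-use
        self.verified.add(_norm(email))
        return True

    def may_send_sensitive(self, email):
        """Order confirmations and password resets go only to confirmed addresses."""
        return _norm(email) in self.verified
```

With this gate in place, a mistyped address receives at most one confirmation request and nothing about the order or the account.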