This makes an email address a requirement. What do we do with people who don't have one, or who share an account? I would recommend they open one and provide links to Gmail and Outlook. I think the complexity of supporting alternative models is too great and could impact too much on the large majority.
people change their email addresses, and may not recall that they used an old email address with your service
you can't use them publicly; for example, Twitter usernames are used in profile URLs and to @-mention people
If you have thoroughly researched the users of your service and discovered that they all have email addresses, for example because they are all specialist users who use the service only for work, then you may not need to offer any other option.
a reference number or similar that is related to a particular transaction
based on their name or some other data that is entered by the user.
A service-generated username has the obvious problem that it has been made by a computer, not by the user. It is unlikely to be memorable. It may be acceptable for one-off use, but is unlikely to work well for use of the service on repeated occasions.
If you decide on this option, then you must ensure that you have excellent support for people who’ve forgotten their username.
Decide how to help people who’ve forgotten their username
Some people will forget their username, particularly people who:
use your service infrequently
use many different services or
have low digital skills.
Consider these recovery methods:
asking users to provide one or more security questions when they set up the account, then answer them to retrieve the account
send an account recovery code to a phone associated with the account
send an account recovery link to the email associated with the account
Decide whether to allow people to change their username
Some people will wish to change their username. Examples:
it is an email address that is no longer available for them
if people are homeless or in and out of work, etc., then they may not have, or may not recall, email addresses.
if money is short, then several people in a household may all share access to the internet and hence share an email address.
are more likely to have low digital skills
are less likely to have access to a computer
may not have an email address, may share an email address with other members of the household, or may have an email address but not know what it is or how to use it.
Also: even amongst those of us who use email regularly, we may not recall which email address we used for a service or remember all of our email addresses. Example: I had to look up a business email address that I use rarely, but had to resurrect this week because my primary email account suddenly took against someone and I didn't want to use my personal or government email for that particular discussion.
Examples from elsewhere
TV Licensing avoids the requirement for a username by allowing users to access their licence details using
AirBnB.com offers sign-up with Facebook, Google, or email address/password. For a few years they allowed members to see each other's email addresses; then they realised that this revealed part of the access credentials. They now encourage members to use their internal messaging system to avoid revealing emails.
Skype asks users to create a 'Skype name'. They discovered that some infrequent users created a new Skype name each time they wanted to use the service
Twitter offers users a selection of available usernames based on the user's name and email address.
Log them in, but take them to a page explaining they need to confirm their address - no other page should be accessible
Show the address the email was sent to
Provide a way of resending the confirmation email.
When a user clicks on the email confirmation link
Some commercial services start users in a non-blocking loop initially, gradually transitioning to a blocking loop.
What's the rationale with time-dependent verification loops? E.g. where you have to click the link within a certain amount of time or your account is deleted? I guess it's a way of avoiding lots of dormant accounts that might have been set up by bots?
Peter Noble wouldn't 'qualifications in circus arts' be the most descriptive text for the link? But yeah, I think in the case of linking to both organisations, the bolded text looks fine. A possible alternative:
Organisations that run part-time and full-time courses in circus arts:
While it's right to avoid accounts unless absolutely necessary, government also needs to keep any sensitive information safe and only show it to the right people (normally just the user involved and the people processing that data). Currently we advise all services to create a new account system in this case, which is bad for the user as they will need to remember many usernames/passwords. In my mind there are two options:
We recommend passwordless accounts based on users existing email accounts
GOV.UK Verify provides a 'basic' account
Currently, GOV.UK Verify asks for proof of a person's identity; this is rightly an in-depth process. However, not all services need this, and it's against guidelines to ask for data that's not actually necessary for a service. So a good alternative for now might be to use 'passwordless' accounts that send a time-limited token to a user's email address, as used by services including Slack and Medium. We would need to check this is compatible with government security policy.
In the future, GOV.UK Verify might offer a more minimal 'basic' account that would be suitable for this purpose.
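Both the email confirmation link discussed above and the 'passwordless' time-limited email token in the comment rely on the same server-side mechanism: an unguessable token that is single-use, expires, and is never stored in the clear. The following is an added illustration written for this page, not code from GOV.UK Verify or any service mentioned here; it assumes a 15-minute expiry and uses an in-memory dictionary as a stand-in for the service's real token store.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed policy: emailed links expire after 15 minutes


class EmailTokenStore:
    """Issues and redeems single-use, time-limited tokens sent by email.

    Only a SHA-256 digest of each token is kept, so a copy of the store
    (or a log line containing it) does not give anyone a working link.
    The clock is injectable so expiry can be tested deterministically.
    """

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # token digest -> (email, expiry timestamp)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, email):
        """Create a token for the address; the raw token goes in the email link only."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, not guessable
        expiry = self._clock() + self._ttl
        self._pending[self._digest(token)] = (email.strip().lower(), expiry)
        return token

    def redeem(self, token):
        """Return the confirmed email address, or None if the token is unknown,
        already used, or expired. The entry is removed on first presentation,
        so an expired or replayed link cannot be retried."""
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        email, expiry = entry
        if self._clock() > expiry:
            return None  # expired: the user must request a fresh link (the 'resend' path)
        return email


if __name__ == "__main__":
    store = EmailTokenStore()
    link_token = store.issue("someone@example.org")  # constructed sample address
    print("confirmed:", store.redeem(link_token))
    print("replayed:", store.redeem(link_token))
```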
Use this section to show and discuss research on how to improve this pattern
It would be good to add something around third-party services, i.e. "login with twitter/google/facebook." I assume these would not be an option because of information leakage (telling facebook that firstname.lastname@example.org was interacting with XXX government service), but I think guidance to that effect would be useful.