The frailty of usernames

When “Hela — The Destroyer” complicates your registration process!

Let me preface this article by making it clear that, of all the problems you’ll face when creating a new product, this is of the lowest business priority, but a fairly high customer priority. Should you choose to proceed, remember that a stitch in time saves nine! 😉

What’s in a username?

Let’s take an example of a possible feature on Noon: reviews and ratings. In a fairly simple process, you’ll be asked to review your purchases, and those reviews will appear on the website, something like:

Reviews captured for a product (screenshot of modified HTML)

And it’s a fairly simple flow for the Noon product team to implement: launch the feature, invite customers to write their reviews, and voilà! A fully functional, feature-rich review system with deep data insights into their customers, ready for incremental improvements churned out almost daily by the team.

But wait… what’s the problem?

Psshhh! you’ll say — that’s too far-fetched and an edge case! People are not stupid! I say, Exhibit A:

A fake Twitter account was able to get thousands of dollars from unsuspecting Litecoin owners by employing scammy tactics

Of course, the impact of this scam was reduced, compared to the damage it could have done, thanks to the verified account statuses that Twitter provides. It is easy to overestimate the smartness of your users; the few who take things at face value on the internet soon grow into a majority through the social validation effect.

There is no protection against human stupidity. For every technological/user experience marvel you produce, there will be one human who’ll exploit it and one human who’ll get exploited by it. Nothing is safe!

What can you do?

1. Verified statuses for each popular reviewer. Badges help.
2. Throttle your reviews and votes by individual/account.
3. Constantly monitor reviews for similar content (products with a low rating getting a spike of positive reviews? Something is fishy there!)
4. Random sampling of reviews/users to ensure they’re legit.
5. Provide means to verify authority — you have to experience it to review it. So put some restrictions on who can review and the value of each review.

Can emails replace Usernames?

  1. Usernames are not case-sensitive.
  2. If the usernames have commercial impact (by virtue of their opinions), skip usernames and replace them with names (first name + last name). Provide an anonymous option too.
  3. Do a l337 search to ensure popular names are not being hijacked via l337 replacement.
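
The case-insensitive and l337 checks from the list above, as an added example (not code from the original article): each username is reduced to a comparison key, and registration is refused when that key is already taken. The substitution table, the `skeleton` and `UsernameRegistry` names, and the sample usernames are assumptions constructed for illustration.

```python
import unicodedata

# Constructed l337-to-letter table for this example; extend it for your own user base.
LEET = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
    "8": "b", "@": "a", "$": "s", "!": "i", "|": "l",
})


def skeleton(username: str) -> str:
    """Reduce a username to the key used for uniqueness checks."""
    # NFKC folds full-width and other compatibility forms; casefold removes case.
    s = unicodedata.normalize("NFKC", username).casefold()
    s = s.translate(LEET)
    # "1", "l", "I" and "!" are easily confused, so treat "i" and "l" as one letter.
    s = s.replace("i", "l")
    # Drop separators such as ".", "_" and "-" that can be used to pad a copied name.
    return "".join(ch for ch in s if ch.isalnum())


class UsernameRegistry:
    """Keeps one display name per skeleton, so look-alikes cannot be registered."""

    def __init__(self, protected=()):
        self._taken = {skeleton(name): name for name in protected}

    def register(self, username: str):
        key = skeleton(username)
        if not key:
            return False, "no letters or digits left after normalisation"
        if key in self._taken:
            return False, f"too similar to {self._taken[key]!r}"
        self._taken[key] = username
        return True, "ok"


if __name__ == "__main__":
    # Constructed sample names; "Hela" stands in for a popular reviewer.
    registry = UsernameRegistry(protected=["Hela"])
    for attempt in ["HELA", "H3la", "h_e_l_4", "He1a", "Thor", "7hor"]:
        print(attempt, registry.register(attempt))
```

Leet substitution is only one class of look-alike; characters borrowed from other scripts need a confusables table on top of this key.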

Thank you for reading! Hope you enjoyed!
