I mean, a fair amount of people have point out my system is flawed and has been done better so its kinda a waste of time but i don’t think these are good against arguments against it so i will try to clarify this a bit more.
The sign is not a point of entry, it doesn’t matter that people can copy it anymore than people can have the same first name as you. There is very little anyone can win by knowing or copying your sign except maybe light bullying. It definiteness inst worse then what stranger can do with your email address. It is a name people can use to identify you but its not a proof of identity on its own, you’d need to combine it with something like a password for that.
At this point of time every site, every store every account is made using your email, the databases already exist. Rather then just inventing a brand new system for new sites, i though of something that could work with the current one. They only need to check their existing database once per email and change it into the hash, so now the user can login using the hash and can no longer login using he email.
The email verification thing is bog standard procedure we use today build in every account registration setup to guarantee that its the owner of the email that is making an account, i would be using it the same way to make sure you cant create a code for someone elses emai. You may wander how to do this when there is no more email in the registration for other sides. Easy, there is no initial check, its not a problem irl that people have the same name, neither is it a real problem that someone used your sign for a login, i cant see a reason why they would but next to forgot pasword there is now “Someone else has used my sign” In this case the site could still ask an email address as a secondary identifier, Cross reference the email again the code itself (as the code contains the algorithm to convert the email into the code), send standard verification mail so the owner can proof ownership. old account gets deleted and they get a new one. Using someone else sign cant be stopped just like you can pick any first and last name on facebook but because we know the signs to be unique it should be against TOS to create an account using someone a sign made with an email you don’t own without permission.
This has gone on to long again, its a flawed idea, i wont actually execute it and i pretty much expected it to be shot down, the feedback is still valuable to me, which is why i did it.
I’ll summarize myself and my initial intentions in a final stance.:
I firmly stand again the practice of using email addresses as usernames for online identities, there are good reasons for sites to require your email address but a username or way to login is not a good reason for such sensitive communication-information.