I would like as simple as possible a registration and login process. Should I use a username or an email address as the key identifier during the login? (Presumably the user db might also a user name AND an email address (and a unique ID number, first and last name, etc) - my question is just for the login and registration.
PS: For those interested in this question, it was asked on the webmaster QA site, but the angle here is different (see http://webmasters.stackexchange.com/questions/3096/user-registration-forms-do-we-need-a-user-name ).
I prefer username, don't make me type my full email address please! In the registration process you should ask for the email address to make sure your users can reset their password/username if needed. I usually have the same username for many different sites but different email addresses, depending on what type of site it is.
I would suggest you use username as key identifier as you need to allow for users to change their email address.
You may consider also asking for (and verifying) an email address during registration incase the user forgets their password. ie. on the forget password form allow the user to enter a username or email.
When I used to work a 9-5 job, I used to change job every few years... that meant I changed email every few years. If you set the login to be an email address once-and-for-all-time... and I change my email address, then I either have to lose my login for your system, or change the unique identifier that you use for me to login.
It's a much better idea to have a username that will always stay the same - and let me use the email address just for it's original purpose - ie getting in contact with me via email.
Why can't the user have the option:
This way, users that setup the account under a company email address can change it and keep it associated with the username for this account.
Obviously more difficult to implement, but the goal seems to make the user's experience as easy as possible without painting them into a corner.
Since the question is about the simplest process, the answer seems obvious: Email and Password.
Why? Because you need to get back to user to send password reminder, so you need Email anyway. Then what is good about username?
It was mentioned that you can have the same user name easy to remember. What if next time you try to register, that username is taken? Now we are back to the problem of zillions of usernames. We already have problem with multiple passwords, do we want to add multiple usernames?
In contrast, little I remember better than my email. Forgot? Look in your mailbox! An objection mentioned when people change jobs or emails. But it is so easy to get a permanent email these days! Why not using that one?
Finally, if you really need to change the email, you can add it, validate, and allow the user to register with either one. Then the user can delete emails from the list. Slightly more complicated on technical site but not much so, comparing to the main security functionality of email validation and password recovery.
If maintaining a User Demographics is not critical to your System, I would defer the Authentication to Other providers...
Open ID is good, But confusing to a lot of users... Better option is having multiple options.
90% of users have a Google/Yahoo/Facebook account. (I am making up the numbers here, But you get the idea).
Have options, which say, Login with your Google account, Facebook account, Yahoo Account or your OpenID. If you have neither, then and only then create an account on your System