Sunday, February 10, 2008

My Universal User Name

Over a decade ago I opened my bank account with a local bank. Once they went online, I was using my social security number and ATM PIN as user name and password, respectively. The idea of using SS# as user ID may seem scary now, but back then, everyone used SS# for everything: health card number, employee number, student ID and so on.
Over time, my local bank got sold, merged and re-sold many times, and now it is part of a huge national bank. During these years, their URL changed, but I managed to keep my SS# and ATM PIN as login credentials -- until this last round. This time, I was forced to select a new user name -- something I liked.

What I did not like is that this bank has a rule on what someone's user ID should look like. It has to have both upper-case and lower-case letters AND numbers. Now, across the countless websites where I have accounts, I always use a specific series of choices of username, and none of them have numbers in them. So the bank forced me to invent a new ID, which I knew I was going to forget -- and I did.

So what could be a universal user ID?

Email is a good choice -- everyone has one, it is unique, already personalized and comes with a way of reaching the guy. LinkedIn, Facebook etc. all use email as their ID.

A phone number could be one as well. In fact, over the years, mobile operators have talked about owning the identity of their subscribers. Identity management is a complicated concept and I am not sure if mobile operators will get into this. Read this article on GigaOm for a good discussion on using a phone number as identity.

Here is a funny advertisement on using a mobile number as identity.

Anyway, going back to the original topic, so what is the right universal user name? Ideally it should be something biometric, along with a scheme to protect it from misuse. If my user name gets stolen, I can use another one, but if my fingerprint gets stolen, that is a tricky situation. Something like a one-way hash function that will generate a **new** fingerprint will be required. Companies like VeriSign will be needed to set up an identity management service, and readers will have to be ubiquitous.
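The "new fingerprint" idea above, sketched as an added example that is not part of the original post: a token-seeded random projection in the style of cancelable biometrics, where replacing the token produces a fresh template from the same finger. The feature vectors, token values, bit length and match threshold are constructed assumptions, and the transform is lossy rather than a cryptographic hash, because an exact hash would not tolerate sensor noise between scans.

```python
import hashlib
import random


def _projection(token: bytes, n_bits: int, dim: int):
    # Derive a reproducible random projection matrix from the revocable token.
    seed = int.from_bytes(hashlib.sha256(token).digest(), "big")
    rng = random.Random(seed)
    return [[rng.gauss(0.0, 1.0) for _ in range(dim)] for _ in range(n_bits)]


def make_template(features, token: bytes, n_bits: int = 256):
    # Keep only the sign of each projection: magnitudes are discarded, so the
    # stored bits do not reveal the raw feature vector directly.
    rows = _projection(token, n_bits, len(features))
    return [1 if sum(w * x for w, x in zip(row, features)) > 0 else 0
            for row in rows]


def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))


def matches(stored, candidate, max_fraction: float = 0.2):
    # Accept when at most max_fraction of the bits differ (assumed threshold).
    return hamming(stored, candidate) <= max_fraction * len(stored)


def demo():
    rng = random.Random(2008)
    # Constructed sample data standing in for extracted fingerprint features.
    finger = [rng.gauss(0, 1) for _ in range(64)]
    rescan = [x + rng.gauss(0, 0.1) for x in finger]  # same finger, noisy scan
    other = [rng.gauss(0, 1) for _ in range(64)]      # a different person
    old = make_template(finger, b"token-v1")
    new = make_template(finger, b"token-v2")          # reissued after a theft
    return {
        "rescan_matches": matches(old, make_template(rescan, b"token-v1")),
        "other_matches": matches(old, make_template(other, b"token-v1")),
        "stolen_old_vs_new": matches(new, old),
    }


if __name__ == "__main__":
    print(demo())
```

The stolen `token-v1` template fails against the reissued one even though the finger itself never changed, which is the property a plain stored fingerprint lacks.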