Why should usernames be unchangeable?

借酒劲吻你 2021-02-05 06:28

I read everywhere (and see in practice) that usernames should not be changeable. When I ask why, 'security' is given as a reason.

I've been searching for a definitive

8 answers
  •  無奈伤痛
    2021-02-05 06:39

    There are a number of reasons from a security aspect that you may not wish to allow users to change their names. However, as an all-out "NEVER do this" - I don't necessarily agree. But, allowing name changes creates quite a bit of extra work. If you are going to allow users to change their identities, you have to be very careful due to the reasons below.

    1. Maintaining a consistent user identity. Let's say you run a message board and Troll_1 is on everybody's block list. If Troll_1 is able to change his or her name, then all those user filters are no good and you have some unhappy users.
    2. Along with answer number 1, you also want to maintain consistency across your underlying systems. If users are allowed to change names, you have to make sure that you update every system that the user is using so that he or she does not lose (or gain) permissions into areas they are (or are not) allowed. Additionally, if a user changes his or her name and a new user wishes to use that name, you may, inadvertently, allow that new user access to the old user's information/data/whatever if you have not done due diligence in updating your systems.
    3. Depending on what type of system you have, allowing someone to change their user name can make your system prone to abuse from a fraud standpoint. You could have someone switching their name back and forth pretending to be two different people in an attempt to scam someone. An unaware victim may easily fall for it. (Sounds stupid, I know, but I have seen people come up with crazier crap.)

    Anyway, as I said - I don't believe it's necessarily a bad thing to allow users to change their names. However, it does create quite a bit more work for you, the developer. User names now can't be unique IDs in a database and user names now don't necessarily relate to someone (because they can be changed later), so you have to have a different system in place for expressing "uniqueness."
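
Added example, not part of the answer above or of the original page: a minimal `sqlite3` sketch of the design the answer points to, where block lists reference an immutable numeric id and a name that was given up is never reissued to a different account. Table and function names are hypothetical, and case-insensitive name comparison is an assumption.

```python
import sqlite3

SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL UNIQUE);
-- Names that were ever given up; never handed to a different account.
CREATE TABLE retired_names (username TEXT PRIMARY KEY, owner_id INTEGER NOT NULL);
-- Block lists (and permissions) reference the immutable id, not the name.
CREATE TABLE blocks (blocker_id INTEGER, blocked_id INTEGER,
                     PRIMARY KEY (blocker_id, blocked_id));
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def name_available(db, username, for_user=None):
    """Free if no account holds it and it was not retired by someone else."""
    key = username.casefold()  # assumption: names compare case-insensitively
    if db.execute("SELECT 1 FROM users WHERE username = ?", (key,)).fetchone():
        return False
    row = db.execute("SELECT owner_id FROM retired_names WHERE username = ?",
                     (key,)).fetchone()
    return row is None or row[0] == for_user

def register(db, username):
    if not name_available(db, username):
        raise ValueError("username unavailable")
    cur = db.execute("INSERT INTO users (username) VALUES (?)",
                     (username.casefold(),))
    return cur.lastrowid

def rename(db, user_id, new_name):
    if not name_available(db, new_name, for_user=user_id):
        raise ValueError("username unavailable")
    with db:  # one transaction: retire the old name and set the new one together
        (old,) = db.execute("SELECT username FROM users WHERE id = ?",
                            (user_id,)).fetchone()
        db.execute("INSERT OR IGNORE INTO retired_names VALUES (?, ?)",
                   (old, user_id))
        db.execute("UPDATE users SET username = ? WHERE id = ?",
                   (new_name.casefold(), user_id))

def is_blocked(db, blocker_id, blocked_id):
    q = "SELECT 1 FROM blocks WHERE blocker_id = ? AND blocked_id = ?"
    return db.execute(q, (blocker_id, blocked_id)).fetchone() is not None
```

Because the block row stores ids, it survives a rename, and `register` refuses a retired name for anyone except the account that originally held it.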
