Web sites, or Internet sites, very often provide information, products, services, and the like to their users. Many web sites require users to “register” before their web servers will grant access to the users. During registration, a user typically supplies personal information such as username, account number, address, telephone number, e-mail address, computer platform, age, gender, and/or hobbies to the registering web site. The registration information may be necessary to complete transactions (e.g., commercial or financial transactions). Typically, the information also permits the web site to contact the user directly (e.g., via electronic mail) to announce, for example, special promotions, new products, or new web site features. Additionally, web sites often collect user information so web site operators can better target future marketing activities or adjust the content provided by the sites.
When registering a user for the first time, a web site typically requests that the user select a login identifier, or login ID, and an associated password. The login ID allows the web site to identify the user and retrieve information about the user during subsequent user visits to the web site. Generally, the login ID must be unique to the web site such that no two users have the same login ID. The combination of the login ID and password associated with the login ID allows the web site to authenticate the user during subsequent visits to the web site. The password also prevents others (who do not know the password) from accessing the web site using the user's login ID. This password protection is particularly important if the web site stores private or confidential information about the user, such as financial information or medical records.
If the user visits several different web sites, each web site may require entry of similar registration information about the user, such as the user's name, mailing address, and e-mail address. This repeated entry of identical data is tedious when visiting multiple web sites in a short period of time. Many web sites require the user to register before accessing any information provided on the site. Thus, the user must first enter the requested registration information before he or she can determine whether the site contains any information of interest.
After registering with multiple web sites, the user must remember the specific login ID and password used with each web site or other Internet service. Without the correct login ID and password, the user must re-enter the registration information. A particular user is likely to have different login IDs and associated passwords on different web sites. For example, a user named Bob Smith may select “smith” as his login ID for a particular site. If the site already has a user with a login ID of “smith” or requires a login ID of at least six characters, then the user must select a different login ID. After registering at numerous web sites, Bob Smith may have a collection of different login IDs, such as: smith, smith1, bsmith, smithb, bobsmith, bob_smith, and smithbob. Further, different passwords may be associated with different login IDs due to differing password requirements of the different web sites (e.g., password length requirements or a requirement that each password include at least one numeric character and/or at least one uppercase character). Thus, Bob Smith must maintain a list of web sites, login IDs, and associated passwords for all sites that he visits regularly.
Using a presently available multi-site user authentication system (e.g., Microsoft®.NET™ Passport single sign-in service), a web user can maintain a single login ID (and associated password) for accessing multiple, affiliated web servers or services. Such a system permits the user to establish a unique account identified by an e-mail address. An EASI (E-mail As Sign-In) account allows the user to use an existing e-mail address as a login ID, or sign-in name (e.g., Jane@e.com) while supplying all of the other attributes used to create an account. Note that the user can specify different passwords for the authentication system account and the e-mail account. In general, only the e-mail sign-in name needs to be common between the accounts. Contrary to a non-EASI account, a third party or otherwise unaffiliated e-mail provider hosts the user's e-mail service.
Notwithstanding the benefits of such a system, allowing users to use any e-mail address that is not hosted within the authentication system creates a problem. A user can create an authentication account using an e-mail address that he or she does not own. For example, Jane owns an e-mail account at Jane@e.com. However, when she signed up for an account with the multi-site authentication system, she registered a different sign-in name (e.g., Harry@e.com). In this example, Harry will not be allowed to use Harry@e.com as his sign-in name even if he properly owns the e-mail address because someone else, namely, Jane, has already taken the sign-in name. Moreover, Harry may receive e-mails from various affiliated web sites intended for Jane because she signed into the sites using Harry's e-mail address.
The problem is compounded when the original owner of the e-mail address (i.e., Harry in the example) attempts to register for an account. The service notifies the user that the selected sign-in identity (i.e., the e-mail address) is already in use by another user. The owner of the e-mail address is then forced to register with a different e-mail address (either by obtaining a different e-mail account or by registering under a false e-mail address), which creates additional problems.
For these reasons, improved conflict resolution is desired for authentication systems and the like to reduce operational errors and improve user registration experience.