I’ve been spending a bunch of time lately thinking about usernames and passwords, and other types of credentials, and concept of “ownership”.
When you get a credit card, on the back it typically says something like – “Your card is issued and serviced by XYZ Bank pursuant to a license from Visa USA. Its use is subject to the terms of your Cardmember agreement”.
The credit card isn’t really your property, it is the property of the bank, and you are just being allowed to use it for payments.
When you sign up for an account online and create a username and password, that website has a decision to make:
- Those credentials belong to the website. They aren’t the users property, they are the property of the website and their use, etc. is subject entirely to the terms-of-service of that website.
- Those credentials belong to the user. Their use, when the user should use them, where else the user uses them, etc. are entirely in control of the customer.