DEV Community 👩‍💻👨‍💻

Cover image for Changing your name is a hard unsolved problem in Computer Science
Penelope Phippen
Penelope Phippen

Posted on

Changing your name is a hard unsolved problem in Computer Science

The nerdy joke is that there are only 2 hard problems in computer science:

  1. Naming things
  2. Cache invalidation
  3. Off by one errors

I've recently had the interesting experience of changing my name. I have my name: the one I use on a daily basis, the one I identify with, the one to which I actually respond. I also have the name I was born under, or my "deadname" in the colloquial trans parlance. I don’t really identify with this name any more, but it follows me around like a spectre haunting Europe. There's now a noticeable gap between me hearing my deadname and realising someone's referring to me. It's fun to see how quickly those things change.

So, this brings me to my primary conceit for this post. We, as an industry, are horrible at accepting name changes for folks. In this post I'll give some examples of things I've seen done wrong. I'll show you how you can make your application better for folks who are changing their name. Let’s dive in!

Google accounts, and single sign-on

Disclaimer, I work for Google. This section is my opinion and my best understanding, and does not represent the opinions, or views of Google LLC, or Alphabet Inc. In my opinion Google has done a lot to make changing one’s name easy, which I really appreciate, but some folks using Google APIs don't do the best integration here

There are two types of Google accounts, individual, and GSuite Google's business offering. Each Google account has one primary email address, and zero or more aliases associated with it. The most important thing to know is that the primary email address can change on the same account.

So if you're alice@somegsuitedomain.com, you can become bob@somegsuitedomain.com. When you do that you keep your account, inbox, and all your Google apps access under the same account. Under the hood there's a stable identifier that's associated with the account that does not change when the email address changes. In other words, an email address is not the primary key of a Google account. When you change your Google email address, Google sets up a permanent, undeletable, alias for the old email address. This means if you send an email to the old address, the person will receive it. However, I suspect if you ask most folks, they'd tell you they don't want to see it.

If your application implements single sign-on with Google, you should key off the stable ID, and not the email adress or name. if you store the email and name in your database, you should change them if Google tells you they has changed.

Let's look at the mechanics of how you can implement this with Google's OAuth APIs. I set up the basic OAuth workflow in Rails, and the first details that came back from my account were (partially redacted):

 {"provider"=>"google",
 "uid"=>"113017XXXXXXXX8346486",
 "info"=>
  {"name"=>"Penelope Phippen",
   "email"=>"penelope@rubycentral.org",
   "unverified_email"=>"penelope@rubycentral.org",
   "email_verified"=>true,
   "first_name"=>"Penelope",
   "last_name"=>"Phippen",
   "image"=>"https://lh3.googleusercontent.com/-Tj-GuDdntsY/AAAAAAAAAAI/AAAAAAAAAAA/ACHi3rfGmAsSR_4ZenyOeMkId6EERxmFIg/s50-c/photo.jpg"},
Enter fullscreen mode Exit fullscreen mode

Now, it's worth noting, the email address associated with this account used to be different. Every time you do an OAuth exchange with this account, it'll give you the new email address and name. So, the right thing to do here is update your user record with the new email address and name every time you get a new OAuth payload back. If a user's name has changed, you can assume it's intentional, and update from that. The thing that will always be stable is the uid field, which actually comes from the sub field in the raw OAuth response.

Let me change my username, you cowards.

The next is the family of applications which have their own auth. Before email became the standard way to identify users, we had the username. Many applications have long since migrated off letting users specify usernames. Those apps are now authenticating only with email address.

I've found that certain applications don't let you change your username. I used my deadname as my primary internet identifier up until I changed my name. If I can't change my username, and I've accumulated significant data on your application, I don't want to have to destroy my account and start a new one. This puts me in a place where your application is repeatedly deadnaming me, and I can't do anything about it. Build in fungibility of your usernames, let folks change them. Please for the love of all that is holy don't use a user provided string as a primary database key.

Don't allow for username re-use

This one is a security/harassment vehicle. On websites like GitHub and Twitter, you can change the username associated with your account, which is great. However, this introduces a new problem, what to do with the old username?

Both GitHub and Twitter allow for a username to be registered the moment that you change your old username. On Twitter, this means that when a person changes their username, you could immediately impersonate their old identity. On GitHub, this means that if people are pulling software from your old name, someone could immediately replace your repos with malware.

On both sites, I now have "squatter" accounts, that hold my old name. This is largely a security protection for myself and those who follow my work. I've written more than one pretty popular software package. People could plausibly be git cloning those packages as their dependency management strategy (please don't do this). It's worth noting GitHub does set up redirects until someone with the same username creates a repo with the same name, but a targeted attack would be almost trivial to pull off. On Twitter, I didn't want a troll occupying my old name and pretending to be me.

Here's the thing, almost certainly, re-using a username is something that you never want to have happen. Unless there's literally 0 security or harassment opportunity with your application, letting someone else occupy someone's old name is going to result in problems. The right thing to do is, most likely, just redirect everything under the old name to the new name, and not let anybody else interact with data on the old name.

Caching name off other identifiers

I first encountered this one in real life in a virtual queueing system for a restaurant. They asked me for my name, I said "Penelope'", then they asked me for my phone number. Dutifully, I gave them my phone number (which hasn't changed since I moved to the US). Then when they texted me to tell me my table was ready the text contained my deadname. Annoying, but NBD I thought. Then when I got back to the restaurant, my friends and I were treated to being told our table for [my deadname] was ready.

What's upsetting about this interaction is that I had given them my name. Whatever virtual queuing system had grabbed my name from some previous interaction with it, and then not properly invalidated it when I gave them my new name. As far as I can tell, having backtracked through their website there's no way for me to manually change my name in their system. So I expect I will just continue to get deadnamed by this system for the rest of my life. My other choice is to change my phone number, which is obviously annoying.

The lesson here is that names are fungible in relation to other identifiers. In the case of phone numbers, well, they can get recycled. A phone number belonging to only one person for an extended period of time is the exception and not the rule. In my case, this naïve exception has resulted in my life now containing additional annoying and upsetting interactions.

You don't even have to use my legal name for most things

Now we come to the section of interactions where using my legal name is an admitted requirement. If you're a government organisation, financial institution, or other similar body, I understand the need for your company to know my legal name. That's fine, I'll be changing it soon, but in the meantime, I'd like to point out that you don't need to use it all the time.

To use an example, let's think about one of the investing applications I use. When I set up my account, they took my full legal name, to verify my identity. Ever since, they've emailed me using that name. Even before I changed my name, I didn't use my full legal name for most things. I used a short version. It feels weird and overly formal that all their product emails are addressed to my legal name. I can't set a different name with them. Now that I've changed my name, things reveal my legal name that absolutely 100% don't need to. A simple statement doesn't need to use my legal name. From their perspective, there's no difference between Hey <legal deadname>, here's your balance and Hey Penelope, here's your balance. Unlike a bank statement, those emails can't be used for proof of address or similar so they don't need to be so formal.

I’d also like to point out that legal names can change. Changing my non-legal name has been enough of a battle with tech companies as it is, I’ll be sure to detail all the things that are needed to get that legal name change everywhere in a future post. In the meantime, see if you can do some work to make it easier for folks to change how you address them in your apps.

A more extreme example of my legal name being used unnecessarily is when I'm talking with my credit card companies on the phone. They only know me by my legal identity, but it'd be vastly more comfortable for me if I could use a different name and honorific on the phone (miss instead of sir). Again, in that context there's no impact to them for doing so, but there is a huge impact on me. It's also not the sort of thing where I feel ok just being like
“Hey, this seems kind of weird, but could you refer to me as Miss Phippen instead”. If your application does require a legal name, please consider having fields for preferred name, pronouns, and honorific that your staff/communications can use to address folks most of the time.

Conclusions

This post hasn't even covered all the ways that you, dear reader, likely have no power to make name changes. OS X and Windows both burn your username into the OS install in such a way that you need to reinstall to ever get properly rid of it. There's a constellation of things that will probably always bare the wrong name for me. This post gives a few practical tips for fixing that, however. And I hope you can do a little to make it easier for all of us, in the locus of control you do have.

Consider this my ask to you, that if you’re working on a product that involves using someone’s name, pronouns, or honorifics, that you make it easy to change in a self service manner. This is a basic dignity for many folks, and it’d mean a lot to me.

I'm coming to this from the perspective of someone who's trans, who has changed their first name to signal a significant change in who I am. This isn't the only reason someone changes their name (see also: marriage, parents getting divorced, and myriad other reasons), but my use case has thus far worked as something of a stress test for various computer systems.

For all people, there is an essential dignity to living our lives being identified as we want to be. As you develop your computer systems, please keep the following things in mind:

  • A person's name can change (and with a pretty high probability, will) once or more in their life
  • A person will want to change multiple identifiers when that happens including email addresses and usernames
  • if your application doesn't allow for that, the person might experience significant pain or distress because of that inflexibility
  • A legal name is something that someone may wish to be not associated with frequently, and you should allow folks to give you another name against which to refer to them and then use that most of the time
  • If you want to make your application more friendly to a wider set of humans you should support making those changes

Thank you so much for reading. If you liked this, please consider following me on twitter @penelope_zone.

Top comments (85)

Collapse
 
ben profile image
Ben Halpern

A person's name can change (and with a pretty high probability, will) once or more in their life

Cis men are the group generally least affected in our society right now, and this is one of those problems which would likely be handled much more smoothly if they weren't so overpowered in computer decision making.

Collapse
 
powerc9000 profile image
Clay Murray

Amen, this is why diversity is so important. There's nothing evil about being Cis and white but your experiences are not the experiences of everyone else. We may be the majority in tech but are certainly not in the world!

Collapse
 
v6 profile image
🦄N B🛡

the group

I'd say there are other groups less "affected" than that one. In the "Privilege Olympics" there are many contenders.

The question here is about identity vs identification, and of the interests and independence of users vs service providers. Perhaps there are even implications for surveillance & mass control. But I think it's a stretch to characterize this primarily as a question of discrimination and diversity.

Collapse
 
pictor13 profile image
Igor Pellegrini

Not saying there is no truth in you comment, but I think there's a biased generalisation here, making it a matter of privilege.
I believe it is more a matter of either education and experience.

Developers (or decisions makers) of any category can't know every case, as they aren't machines; they'll do mistakes and oversimplifications. They'll almost always miss at least one use case; we shouldn't blame them for that.

I believe it's a limit of the industry as a whole, more than a social issue.
Designing in a more inclusive way is something that, I think, is more related to the responsibilities of a Domain Expert or a UX Designer; but the industry doesn't value those roles enough, or not yet.
In 10/20 years we might still have the same level of patriarchy, privilege and inequality, but I'm pretty sure it will be a lot more common to make inclusivity considerations while designing (either at UX, at domain or at technical level).
It's a matter of yet immature industry (a really young one, regardless of who make decisions), and of shared common knowledge and practices gained through time and experiences.

I would hope for improvement in team building and education, so that everybody is given the tools to be aware of issues that need to be addressed. So that everybody can share more wisdom to future IT workers and contribute to a better base of common practices to consider and remember.

To conclude I'll exemplify my point:
Personally I often complain of website assuming the user nationality or language, based on biased factors: my IP address won't reveal what language do I speak or what's my nationality, nor will my OS language, nor will half of my full name.
I don't make it a matter of privilege, but rather ignorance (that is: lack of exposure).

Collapse
 
lazerfx profile image
Peter Street

This has multiple significant impacts - for one, there's those who go through a name change because of life changes like those mentioned in the article, but also people change names because of purely personal reasons (for instance, deed poll), marriage, adoption, or others that I haven't thought of. This impacts more than 50% of the population at some point in time! Not to mention couples where both change their names (double-barrelled surnames) or where family names adapt as you grow and 'gain' names as some cultures do it. So - no matter why, this should be something we are better at, I completely agree... and it's a huge problem (My wife is still changing her name and going through hassle, nearly 6 years on from us both getting married).

Collapse
 
davo1962 profile image
davo1962

On a related note I once read about a legal name which could not be entered in most computer systems. The man was a refuge from China (?) whose last name was the single letter "O." This was, almost always, flagged as an invalid last name because because it was too short. He legally changed it to "Oh" and was quoted as feeling that he was betraying his ancestors.

Collapse
 
thiagomgd profile image
Thiago Margarida

Last year in college I had a colleague that had only a first name. I didn't enquiry further as to why, but anyway, I figure it must be a pain.

Collapse
 
ekafyi profile image
Eka

It is common in some parts of the world. My country has > 1000 ethnic groups, and many of us don't recognize the concept of surname the way Westerners do. Nowadays most of us who don't have surname either have multiple given names (I'm in this category), or new parents just add Western-style surname to their babies' names. I'm in my 30s, personally acquainted (ie. work colleague, former classmates, etc) with ~5 people who has one name.

Collapse
 
vickilanger profile image
Vicki Langer • Edited on

Miss Penelope, this is an eye opening piece.

I appreciate that you mentioned using not using an email as a primary key. This was a new idea to me and I will make sure to avoid this.

I can empathize with you. A couple weeks back, I was at a small donut shop where I ordered and paid with a card. I heard them call the person before me, by name, and quickly realized they were about to use the name from my card. I haven’t been back, but their donuts were so good!

As for changing names, I can imagine it being rather common for people leaving domestic violence to change names.

Collapse
 
outfrost profile image
Outfrost

Name from the card? Geez. In my corner of the world, they usually at least have the decency to ask you your name, if that's how they call customers for order pickup.

Collapse
 
vickilanger profile image
Vicki Langer

That's normal everywhere I've ever been. I've always been asked for my name or assigned a number that was printed on the receipt.
The name being pulled from my card as a new thing to me.

Collapse
 
expdev07 profile image
ExpDev • Edited on

I don’t see the issue with using the name on your card?

Thread Thread
 
outfrost profile image
Outfrost

Let's start with the issues pointed out by OP, and add to that the fact that many people don't like being called out by name by a stranger in public.

Thread Thread
 
expdev07 profile image
Comment marked as low quality/non-constructive by the community. View Code of Conduct
ExpDev

That's so stupid... I'd get it if it was your full name, but your first name? Come on. Seems pretty arrogant.

Thread Thread
 
willsheppard profile image
Will Sheppard

@ExpDev did you even read the article?!

Thread Thread
 
shaunagordon profile image
Shauna Gordon

The name on card is usually the entity's legal name (because business cards don't even have a human's name on it, but the company name).

It's perfectly reasonable to want the opportunity to use a name that makes more sense (such as one the person would more immediately respond to, or one that's easier for the person saying it to pronounce).

Thread Thread
 
thiagomgd profile image
Thiago Margarida

@ExpDev if people try to use my first name, they will almost always pronounce something that has no resemblance at all to how it should sound. So I always go by James, the english equivalent. And my name's not even that difficult...

Thread Thread
 
moopet profile image
Ben Sinclair

The "name on the card" problem is likely less in the UK and Europe where everything's contactless or we tend to use out phoens to pay. The phone screen could just be our wallpaper, it doesn't need to show the payment app or anything.

Thread Thread
 
vickilanger profile image
Vicki Langer

For me, I live in the USA and we just aren’t that advanced.

Thread Thread
 
moopet profile image
Ben Sinclair

I'd say we should send you some sort of foreign aid but unfortunately we're completely screwed over here at the moment.

Collapse
 
docum3nt profile image
Peter Flynn

"Changing" name? It would be good to start at zero and get interfaces to accept people's real names from the beginning. There are lots of sites which still only take [A-Za-z] and even block spaces and hyphens.

In 2020.

I recently posted this example (silmaril.ie/screenshots/river-isla... - warning NSFW). The devs will get the blame, rightly or wrongly, for what is likely an organisational failure to update antique DBMSs, OSs, and server environments to handle modern character encodings.

Wouldn't it be nice if the 20s was the decade we got Naming right? Do we need to shout and scream in more public places?

Collapse
 
ludamillion profile image
Luke Inglis

get interfaces to accept people's real names from the beginning.

My wife and I just had our third child and turns out you can't even use an accent on a letter for a birth certificate in the US. Like literally the legal associated with her SSN is spelled differently than it will ever be spelled in 'real life'.

Collapse
 
sshaw profile image
Skye Shaw

Many national governments have various problems dealing with peoples' names. It's quite common.

This is nice: github.com/patch/i18n-testing/blob...

Collapse
 
willsheppard profile image
Will Sheppard

You think that's bad, what about password policies that only allow you to enter 8-12 characters, a-z, 0-9, and maybe an underscore if you're lucky. And that's for a BANK!

Collapse
 
docum3nt profile image
Peter Flynn

That's exactly the problem. They're using 50–year-old software and the cascade of changes that would be needed if they fixed the source database field spec would probably require more COBOL programmers than exist. Don't forget that these are orgs who have a licence from IBM to recompile the mainframe OS as well as the language compilers, because the lawyers say they need traceability from boot code up (read: plausible deniability)

Collapse
 
expdev07 profile image
ExpDev

Why did you mark it NSFW???

Collapse
 
selenahunter99 profile image
Selena

Use of the f word :)

Thread Thread
 
expdev07 profile image
ExpDev

That’s not NSFW haha.

Thread Thread
 
daniel13rady profile image
Daniel Brady

Depends on where you work, I'm sure.

Collapse
 
philrod1 profile image
Phil

Someone I used to work with had issues when she changed her name. She transitioned while at the company and they were very supportive. Email address and phone-book details all changed without issue ... for a while. It seemed that once a year, some automated process would notice the discrepancy between her old name and her current name and change many things back. Awkward for me, infuriating for her.

Collapse
 
thiagomgd profile image
Thiago Margarida

Which is weird that it would change everything to the old name, instead of syncing to the new name...

Collapse
 
moink_tdr profile image
moink

PayPal also doesn't let you change your country of residence. I have moved internationally three times in my life, twice since getting my primary email address. Since I don't want to create a new email address just for PayPal, I have just stopped using the service entirely.

Collapse
 
imnotbreno profile image
Breno HD™

Outlook let's you create alias for the same your account. you can have a@live.com, b@live.com, c@.live and login with same password and get everything in one place.

Collapse
 
addyfree profile image
Addy Free

The unnecessary use of legal name is huge. Stakeholders too often say "We have to use the legal name for compliance" when the compliance matter is not real, we later find out.

We've now flipped the default: process owners must provide a demonstrated business case for use of the legal name, absent that, they're getting the best name we have, which yes, will sometimes be the legal name, but not always.

Collapse
 
embiem profile image
Martin Beierling-Mutz

I took on a combined surname, which consists of original one - (dash) wife's one.

renaming is so difficult and often involves writing support or even sending letters with a photo copy of my new ID. It was a big hustle...

Collapse
 
mwarner77 profile image
Mark Warner • Edited on

I confess I had never thought of the now-obvious ramifications of this issue for
trans people, but given the disproportionate number of women who use the apps I have developed I have at least since ~2004 tried to make it relatively simple to change one's name. The apps I developed in my first professional programming job were almost exclusively used by women for the first two years, and more than one of them had a name change during that period, so fungible names was a basic requirement. It's taken a lot of forms over the years, but now I have a fairly simple schema now that uses an array of hashes containing personal info, for which the last index is always the current and authenticatable version. But still...I see I can make it better by adding pronouns and honorifics into that hash, and absolutely forbid the re-use of old identities.

Thanks!

Collapse
 
jaxolotl profile image
Javier Valderrama (Jax)

Directly or indirectly our work ends up being used by people. Knowing the impact of each of our decisions is extremely important and enriching, not only helps us to create better designs from the very beginning, but also shows us how cultural or social biases lead us, unintentionally, to make design decisions that negatively affects people and that technically, do not have any valid support. Our work increasingly permeates our society, the world where we live, and our responsibility to prevent the perpetuation of exclusive models is growing. To think big is to get out of those thousand lines of code that we have to write and look at the world around us, to be better people and better professionals.

Thanks @penelope_zone to make us a little less ignorant today and a little better engineers

Collapse
 
jacobherrington profile image
Jacob Herrington (he/him)

Hey Penelope! It was a pleasure meeting you in Nashville, and I'm stoked to see you posting on our platform!

You've given me a lot to think about in this post! This isn't an issue that affects my day-to-day life, thank you so much for reminding me of it. 💛

Flexible names should be a minimum UX expectation at this point tbh.

Collapse
 
mbbroberg profile image
Matt Broberg

I love this post! When I'm a little over 3 years from when I took my wife's last name, and I still live in a world where I'm frequently filling out paperwork to prove I'm still "me." And it's only a minor inconvenience as a cis man. My password manager has been a godsend nevertheless.

Thank you for sharing your experience!

Collapse
 
hellokyyt profile image
Kyle Harrison

Completely agree on all accounts. For every application and website I've written, authored, and maintained since I was a teenager (I'm 33 now) I've always

  1. Generated the primary ID (either auto-incremented number, random fixed number, short hash, or UUID)
  2. Authenticated off of an email (which can always be changed)
  3. Allowed the registrant to provide an always changeable "Display Name" (Sometimes I generate the first username automatically to keep everything the least annoying as possible)
  4. Gone passwordless wherever possible. (If a password is required, I've always since day 1 used the best one way hashing I could get my hands on that allows the user to supply whatever password they want)

The only time I've ever had to ask for a legal name or other identifiable information, was when I wrote an online ordering system and it was required for shipping and billing information. And I've always made sure that data stayed forever changeable.

I fully believe in storing as little information about a user as possible in my databases, sticking strictly to what is needed to make the app do it's thing, and nothing more. I don't even want your passwords if I can help it.

It straight up baffles me when I see anything else. Like MAXIMUM password length for example. Give me a break. But then.. yeah.. my wife has gone through a name change too, she got married to me and took my last name, and getting her online identities matched up to that has been a weird hell and a half.

Collapse
 
emmiep profile image
Emmie Päivärinta

I can't see why anybody might want a maximum password length, unless they DON'T store the hashed password, that doesn't bode well (even if was encrypted it would be terrible).

Collapse
 
ashleypinner profile image
Ashley Pinner

Bcrypt is limited to 72 characters. It's the only reasonable limitation, as you would not want password managers to assume the users password was longer than required to authenticate. (especially if you migrated upwards in hash. )

Thread Thread
 
hellokyyt profile image
Kyle Harrison

Totally true, anything longer and BCrypt will truncate. I like Argon2's input limit of 4.29b characters much better hehe

That said, 72 characters isn't the worst length limit, but when you're asked by your bank for a max limit of 14 or something similarly pathetic like that

Collapse
 
lbotinelly profile image
Leo Botinelly • Edited on

Awesome post! That's a problem space that I've been dedicating a lot of thought these days.

I've one of those long Iberian Peninsula names. Since it often overflows standard name form fields my US documents have 4 or 5 different compressed versions; I'm considering changing it to a shortened name plus surname format (like the one I use here) just to avoid noise.

One remedial solution for the "username re-use" case would be a shadow-lock for the old username, allowing only the original user to switch back to it if desired.

Collapse
 
shaunagordon profile image
Shauna Gordon

What's astounding is that the names don't even have to be foreign to overflow some of these systems.

"Christopher" is an exceedingly common name in the US, and yet it routinely gets truncated, usually to "Christophe" by systems, even when using the legal name may be warranted!

Collapse
 
lbotinelly profile image
Leo Botinelly • Edited on

Exactly - while I do understand the pre-2000s rationale for smaller field sizes, this is one of the 'compromises' that boggles my mind.

Composite family names ('Tessier-Ashpool') suffer a similar fate, operators picking one part at random.

Some comments may only be visible to logged-in visitors. Sign in to view all comments.

Become a ModeratorHey! We would love your help!

Fill out this survey and help us moderate our community by becoming a tag moderator here at DEV.