- #security on software development security and web security, security best practices and discussions, break-ins and countermeasures. Everything you ever wanted to know about software security but were afraid to ask, for fear of not understanding the answer!
- HOME
- Technology
- Keep it simple – user names
Keep it simple – user names
- Albert Zenkoff
- 2012-07-18
All right, now after the lengthy discussion on user names and ids let’s have some simple rules:
- Do not use sequential numbers for user ids.
- Do use random numbers for user ids.
- Do not use any scheme for user names that ties (semi-)public user information to the user name.
- Use user nicknames (aliases) if “natural” user names are not sufficiently unpredictable.
- Allow users to change user names.
The last point was not mentioned previously but it is quite logical, isn’t it? The system identifies the user by a fixed random user id. But the user identifies itself to the system by a nickname that can be changed once the user is logged in and his id is known.
Comments List
Leave a Reply
About the author
Albert Zenkoff
Managing corporate security in both technical and business sense in the context of long-term business strategy and sustainability.
For security consulting, training, certification and audit mail albert@aruberusan.com.
Share and stay updated
Article categories
Search
Recent Articles
- CAST workshop on development security
- A company with an SQL injection name
- Don’t patch it, it’s fine?
- Data breach at LinkedIn
- Position yourself on Security Maturity Grid
- Worst languages for software security
- Backdoors in encryption products
- CAST Workshop “Secure Software Development”
- Windows 10: catching up to Google?
- Continue the TrueCrypt discussion: Windows 10
Tags
advice
attack
authentication
breach
cloud
cost
costs
Cryptography
database
Development
disk encryption
economics
embedded
encryption
general
Google
guidance
hash
hashing
inevitability
internet
management
mobile
network
news
NFC
NSA
Password
password database
password management
passwords
philosophy
Physical security
privacy
protection
quality
risk
rules
security
security investment
society
software
software design
technology
user information
Archives
- March 2018
- January 2017
- November 2016
- May 2016
- February 2016
- January 2016
- December 2015
- September 2015
- August 2015
- June 2015
- April 2015
- March 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- July 2014
- June 2014
- April 2014
- February 2014
- December 2013
- November 2013
- October 2013
- September 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
Copyright © Holy Hash! All Rights Reserved.
Biometrics – any good? « Holy Hash!2012-08-04 13:15 /
[...] The first question that should be asked then, “what’s it good for, anyway?” A characteristic that is fairly stable, cannot easily be changed at will, – that’s a fairly reasonable user name, i.e. the user identification. Even then, it is a questionable approach because it is a good idea to let users change names. [...]