All right, now after the lengthy discussion on user names and ids let’s have some simple rules:
The last point was not mentioned previously but it is quite logical, isn’t it? The system identifies the user by a fixed random user id. But the user identifies itself to the system by a nickname that can be changed once the user is logged in and his id is known.
Albert Zenkoff
Managing corporate security in both technical and business sense in the context of long-term business strategy and sustainability.
For security consulting, training, certification and audit mail albert@aruberusan.com.
Biometrics – any good? « Holy Hash!2012-08-04 13:15 /
[...] The first question that should be asked then, “what’s it good for, anyway?” A characteristic that is fairly stable, cannot easily be changed at will, – that’s a fairly reasonable user name, i.e. the user identification. Even then, it is a questionable approach because it is a good idea to let users change names. [...]