Usernames Guidelines ?

Status
Not open for further replies.
Mar 13, 2002
34
MY
We have been hearing about password guidelines to prevent passwords from being easily cracked and known. How about username guidelines? For example, should a username be made up from a person's name and surname?

I think there must be some guidelines on usernames. For instance, if Mr Alex is a financial manager and the username creation process is very simple, then I can already know that his username is alex. The next thing is to attack his password.

Any suggestions?

Thanks
 
It's pretty common (and we do it this way here) to have the user's first name, followed by the first letter of their surname (James Brown = JamesB). If there is already a JamesB (James Bright) we would just use the full name (JamesBrown) as their username.
 
We use the last name and first initial as Grenage describes. While that does let someone identify someone's account, it seems to be more secure than a username that's obscure. For example, I've been at places where the username would be something like JX5382B8. What happens is that it's so obscure that people write it down on a Post-It and stick it up somewhere.

The same goes for passwords, only it's more dangerous. I've worked at places where the user wasn't allowed to make up their own password, but was given a generated one. These always got written down and put up on Post-Its because they were so hard to remember.

Interesting side note, OpenVMS has a password generator that creates nonsense words that are pronounceable and follow English spelling conventions. That means the words won't be in any dictionary, won't be guessable, and are easy to remember without jotting them down.
 
The username is public. No attempts are made to hide or obfuscate it on the system or network. For instance, Windows machines allow users to be enumerated across the net, and *nix systems allow the /etc/passwd file to be world readable. In both cases, the user name is stored in clear text.

If security is required beyond a simple password, then secondary authentication mechanisms can be used. Token-based authentication, e.g., SecurID, is probably the most common form of secondary authentication. Biometrics are also an option.

Attempting to make a user name more difficult to guess falls in the category of "security through obscurity." Over the years, this method has proven to be ineffective at best.
pansophic
 
We have always used 1st letter of first name, middle initial, and last name. You may know that John Doe is the head accountant, but you may not know that his middle name is Zebra. So his username is jzdoe.
iSeriesCodePoet
IBM iSeries (AS/400) Programmer
 