User Naming Practices?
Kymermosst asks: "Recently, this post was made to comp.sys.sun.misc, and sparked a large debate on the subject of usernames. What standardized user-naming schemes are used out in the 'real world,' if any? Has any company's scheme become a security risk due to its predictability? Were any benefits gained by using any particular system?"
The real danger is a standardized user-naming scheme + a standardized default password scheme (e.g., "password", or same as username). The "It won't happen to me" mindset takes over, and a majority of users never change their passwords. It's easy enough to get into anyone's account on systems like that.
Got Rhinos?
There are a lot of places which use the last four digits of the SSN for identity verification. I'm not sure I'd like to have it be part of something as public as my email address.
As far as using full names goes, the Sendmail FAQ explains sufficiently well why that's a bad idea. See Q3.5.
Especially in a corporate environment, people expect to have reasonable-looking user names. Most folks won't put up with being sfc123; it just is not professional.
This means that while it's a good idea to have guidelines, you can't be too much of a stickler. If a sales guy was jschmoe at his last three jobs, and all his contacts know his email as jschmoe, then it's really best if he can continue to be jschmoe. Forcing him to be joes341 instead doesn't make anyone happy.
Collisions are certainly an issue, but that's not the only problem. For example, a popular default choice might be first initial last name. Using that standard at one job we ended up with a "pharter" (say it out loud), and at another job there would have been an "aryan". These things just don't work.
Ideally I like to allow users their choice of login. I encourage them to select one of first initial last name, first name last initial, or initials. Every now and then someone will come along and want a login like "coolguy" or something completely random. Depending on the company culture and whether the user is "customer facing" I might be lenient.
I've worked in organizations up to a few thousand users and this system has worked fine. In a truly huge organization you'd end up having user names that look like AOL, though. Certainly in an educational environment I imagine a more authoritarian system would be warranted.