I have included a couple sources, but lets discuss the issues.
Usernames should not be a protection for authentication. Authentication is separate from identification. Identification is a piece of data that describes a individual or group. Most of the time a username is a sequence of characters that uniquely identifies a individual. Typically a individual is authenticated with a password. I may claim I am Margret Thatcher, but if I can not type in Margret Thatcher's password than I can not authenticate as Margret Thatcher.
That aside there may be some secureity issues with usernames.
Usernames that may cause undesired behavior in the authentication system.
- Excessive long usernames: thisisareallylongusernameintendedtocauseabufferoverflow
- Usernames with unusual or control characters: proc␀ess␠thisäifÄuÜc'aÖn;ü
Usernames indended to cause confusion
- Administrator Request
- Invalid
- Valid
- Error
- MOTD
- Authenticated user
- login:
- password:
- root/\�
University of South Australia
1.4 Username Should be Unique and Unchanged for a Person
Each person should normally have a unique username which they can keep for their entire life at the University. Staff usernames are distinguishable from student usernames. As Staff move between different cost centres, their username should not change but the associated Permissions should reflect appropriate access for their new role.
1.5 Staff who are also Students will have Two Usernames
Staff usernames are distinct from student usernames. There is a need to be able to provide different permissions based on a person’s role as staff or student. Staff who are also students will be provided with a staff username/password pair and a student username/password pair. This allows staff to take on the role of a student when they are not working in their normal staff position.
https://web.archive.org/web/20120213072116/http://www.unisa.edu.au/ists/governanceinit/policies/others/usernames.asp
YouTube Username Policy
Don't namesquat - YouTube usernames are in high demand. As a general rule, users are expected to be an active member within the YouTube community.
http://www.google.com/support/youtube/bin/answer.py?answer=151655