Questions tagged [user-names]

70 questions
149 votes, 6 answers

Is password entry being recorded on camera a realistic concern?

I live in a city where CCTV camera coverage is comprehensive and increasing. Cameras are getting cheaper and higher resolution. Everyone has a video camera in their pocket already, and we are starting to see trends which indicate always-on cameras…
davnicwil
115 votes, 13 answers

Is it good or bad practice to allow a user to change their username?

I have looked all over online as well as this site to try to find out more information regarding the security of this, but haven't found anything. In my particular case, the product is a website, but I think this question applies for any software…
80 votes, 7 answers

Are random URLs a safe way to protect profile photos?

I would like to move from sequential to random user IDs, so I can host profile photos publicly, i.e. example.com/profilepics/asdf-1234-zxcv-7890.jpg. How long must user IDs be to keep anyone from finding any user photos for which they have not been…
owenfi
79 votes, 3 answers

Does correcting misspelled usernames create a security risk?

Does correcting a misspelled username and prompting the user with a valid username introduce a security risk? I recently tried logging into Facebook and misspelled my email. They prompted me with the message below. Log in as…
GER
59 votes, 13 answers

Why not use a national ID as username for every website?

Every day we visit many websites, including our university's website, maybe Google, Yahoo, etc. But on each of them, we have a unique username, while each person in a country can have a "national code" such that no persons share a code. So, they…
Arman Malekzadeh
52 votes, 10 answers

Why use usernames and not just email addresses to identify users?

Why use usernames, and not just email addresses, to identify users? - What is the main concern or the main case when a security expert (which I'm not) should recommend inserting another layer of usernames, for example, when a native/web application…
user9303970
34 votes, 6 answers

What is the point in having arbitrary username requirements?

I've looked around on Security.SE, but couldn't find much related to the following problem: I recently signed up for Chase Quick Pay as my method of being paid by a part-time job. I've heard of stupid password requirements, but never stupid username…
Chris Cirefice
33 votes, 4 answers

Should I be worried if I accidentally entered my password in a username field?

Occasionally I will fail to hit Tab properly when entering a username/password combination. This results in me submitting username "myUsername$ecretPa$$word" along with a blank password. I always try to change my password shortly after doing this,…
loneboat
31 votes, 7 answers

Does username length/complexity/uniqueness positively impact security?

Is having a longer/more complex username considered more secure than using a shorter/basic one? Would the uniqueness of a username positively impact security? This is assuming that adversaries aren't aware of what the username may be, eg. a remote…
user389823
28 votes, 5 answers

Why do "Forgotten Password?" links generally reveal usernames or registered email addresses?

It seems that most sites or systems will just state "Invalid username or password" as a means to not reveal usernames for use in brute force (and other) attacks. Seems like a good idea as a general rule. However, many of them you can follow the…
RemarkLima
21 votes, 5 answers

Program claiming a dedicated user to run itself

A desktop running Ubuntu Linux 14.04 LTS seemed to go slower than usual. top showed that freshclam, the database-update utility for the Unix anti-virus program, was working the hardest. freshclam --version shows the version is from…
XavierStuvw
20 votes, 3 answers

How to handle emails as usernames under GDPR?

Using emails as usernames for webapps is a convenient way to avoid the "yet another online username" problem. As such, by using this approach, the emails should be easily available in the backend to do user/pass checks. However, in the context of…
15 votes, 3 answers

Why is there a minimum username length?

In some (web) applications there is a minimum length for usernames, usually there is a restriction for a minimum of 6 characters length. For example, free gmail accounts and miiverse (Nintendo social network). Why is there a minimum username length?…
ilazgo
12 votes, 4 answers

Are short usernames a security concern?

I was somewhat surprised that the sysadmin approved a one-letter username like "m" and my username is also short ("nik"). I think that if usernames are brute force attacked then the username should also be longer than just a few characters. Do you…
9 votes, 6 answers

What methods can be used to prevent mistyped usernames?

I wanted to log on to my account on my bank's website. The account is protected by a number of security checks. The first one is what really amounts to a username, a confidential one. It's an 8-digit numeric passcode (given to me by the bank), after…
ymar