>
> I am interested in the list's view concerning keeping user account names from
> being distributed freely (e.g. as part of mail adress) on the Internet.
> Another way of posing that question is: do you see any security advantages in
> keeping user account names "hidden"/"secret"?
>
> My view is that user account names should not be a security factor at all,
> and that if they are, something is wrong with the security paradigm being
> used. But, then again, I don't believe in passwords (well, the usual
> reusable kind) either, so what do I know....?
Well, Letting folks know login names gives them a place to start
trying their password guesses... I personally think sites should
hide login names in email, but not everyone can do that. (My site
included.)
On the other hand, it's still not a good idea to publicly give out
login names. (ie, don't post lists of login names where anyone
can get to them). Lets not make things too easy for the "Bad Guys" (TM).
>>>Ericw
Follow-Ups:
|
|
