User talk:Earl Jacksboro

Denj7uiqbqvdktdnagu8i4fsyjcpo (talk) 00:59, 25 May 2008 (UTC)

Denj7uiqbqvdktdnagu8i4fsyjcpo → Earl Jacksboro

 * Reason: Complying with rules that seem to prohibit random (and thus secure) names. Denj7uiqbqvdktdnagu8i4fsyjcpo (talk) 11:34, 25 May 2008 (UTC)


 * I will leave it to the admins already involved with your request to arrange your name change. But please note that you are apparently incorrect in one important aspect; specifically, security rests with your password, not with your username. Anyone can see your username; no-one can see your password. --Anthony.bradbury"talk" 12:58, 26 May 2008 (UTC)


 * Thanks Anthony. Oh, this is a matter of best practice.  Security-wise... a complex userid will defeat certain attack vectors for most systems, and that's why I am in the habit of using one like that as a best practice.  You can look at it this way:  A complex userid will *not* weaken security, but it certainly can help.  My online banking id's, for example, are complex, long, and random, as are the passwords.  An adversary would find it (next to) impossible to brute force my ID, let alone get as far as trying to brute force the password.  Of course, banking security models are more sophisticated than this system's, and thus the userids are *not* publically visible.

In the case of this system, since userids are visible, I'd agree it doesn't make a difference for an adversary who is harvesting userids from public info, and then attacking. I would thus have an issue with a lame security design that allows any logon information to be visible in the first place, instead of using an "alias" that is *not* used to logon, as the public identifier.

But, no matter. I just want to add some info to a Wiki item, and of course will follow the standards here.Denj7uiqbqvdktdnagu8i4fsyjcpo (talk) 15:22, 26 May 2008 (UTC)


 * Keep in mind here that your account has very little value, since if it is compromised, you can always just create a new one (as opposed to, say, your banking accounts, which are very valuable). But if you are worried about such a situation, you might consider using Template:User committed identity as a backup.  Mango juice talk 17:17, 27 May 2008 (UTC)