What type of accounts would benefit security wise from having a random user name?

Discussion in 'other security issues & news' started by Devinco, Oct 15, 2006.

Thread Status:
Not open for further replies.
  1. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    What type of accounts would benefit security wise from having a random user name?

    For accounts like Windows login, there would be no benefit. The user name is in a folder name visible to other users as well as on the login screen.
    For website accounts like Wilders, the user name is visible to all.
    For other websites, the user name is your email address which is somewhat public.

    But some websites allow a username different from the email and the username is not publicly visible.
    Also, router configuration pages are not publicly visible outside the LAN.

    For these types of accounts (maybe others? sFTP? SSH? VPN?), would there be any security benefit from having a randomized user name like: 3E368665C3FE964E?
    Would this not act like a double password making it more difficult to break into the account?
    Why is this is totally unnecessary?
     
    Last edited: Oct 15, 2006
  2. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hey D:

    Thanks again.

    I will reask Linksys and say the router limit must be specific numbers as you suggest.

    For the record I'm on a wired not a wireless, but my question stands anyway.

    I will post this reply in the new thread (if I can find it)

    See you
     
  3. diginsight

    diginsight Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    225
    Location:
    Netherlands
    Accounts mostly benefit from users changing default passwords. And of course WiFi warning stickers :D
     
  4. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Delvico:

    Linksys has replied that the router user id and the password can be 5 characters minimum and 30 characters maximum. A/N no special characters:
    Here is a 30 character bit strength = 171 from RoboForm2Go.

    h2EuojAjpwT6jEVFOh0b9OjhmTYQ5GTg

    Comments?
     
  5. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi diginsight,

    Thank you for the answer. :)
    That is quite a list.
    So, as long as it is changed from the default, it doesn't need to be random.
    I hope Schwarzenegger signs the bill.
    It would be a simple solution with big security benefits.
    Now if only people would read the labels!
     
  6. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    That is a 32 character password.
    Make one just like it 30 characters and I think that is plenty strong enough.
    Of course use one different than you post here.

    And the user names Delvico and Devinco have the same number of characters. ;)
     
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    It's been 2 years since my 67 year old eyes were tested!

    you have proven it is time....

    it's a wonder I don't mix up with Da Vinci codes...
     
  8. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Your spelling is usually very good, so the reason was unclear.
    Please do have a check up Celtic Friend.
    And don't use any of the Da Vinci Codes as passwords.....they can all be broken just by typing Mary Magdalene. :)
     
  9. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, Devinco

    :eek:...... :D :D :D.

    Take Care,
    TheQuest :cool:
     
  10. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Devinco:

    I failed grade 3 spelling! The invention of spell checkers was the greatest thing since John the Baptist (remember what happened to him!)

    What I've never yet been able to do is spell check on my posts.

    My thinking was this is like old email an informal tool where you didn't have to worry about spelling, grammer etc.

    When you hit the abc spell check in IE 6 when on that browser you get this message "would you like to download ieSpell

    http://www.iespell.com/download.php

    Is this a good site/product?
     
  11. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    No worries, Wilders is informal.
    Intent is more important than spelling.
    I wasn't sure, so I made the comment to bring out the clarification.
    Now I understand, so no need for a spell checker, unless you want others to understand what you are saying. :)
    For me maybe an intent checker would be good. :D

    I have not tried it, but it was well received here at Wilders.

    You might also consider tinySpell.
    It was also well received.

    For Firefox, there is SpellBound.
    Be advised, for it to work with the newer versions of Firefox (1.5+), you need to use the Development version of Spellbound.
     
  12. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,700
    Hello,
    Smart scanners rarely rely on strings for identification, so it's not that important.
    Online name - what does it matter? What does your online name tell anyone about you? It's just a name.
    As to email name - make one dedicated to public forums.
    I have at least 3 emails I use for various forums - I even get confused sometimes.
    Mrk
     
  14. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Devinco:

    Had my eyes tested, seems the catarats have worsened, will see specialist next week re surgery. Fun eh?:'(

    I look forward to no glasses when all completed, (except reader for your posts)

    your Celtic friend

    PS I've had some fun stiring up the forum memember by challenging them to test there assumptions and systems, some don't like it at all! It's good for them.:shifty:
     
  15. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Escalader,

    I hope everything goes well for you. :)

    Stirring things up now and then can be good if done in a way that people question their security procedures in order to improve them.
     
  16. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Random names could be very useful for preventing SSH attacks if you have remote root login disabled. Then, the attacker has to try to guess the correct username, then the correct password for that user. Pretty difficult to do in reality. However, this security plan fails if the attacker already knows the name of the user on the computer, or if remote root login is not disabled since the username is "root", so there is less guesswork. Other than that, I don't think it will help that much, since a strong password is pretty hard to break, and is the real key to the puzzle.

    Cheers,

    Alphalutra1
     
  17. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks Alphalutra1. :)
     
  18. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Devinco:
    Thanks, will get both eyes done within the next 2 months. Should be routine.

    As to stiring the pot, yes, has to be done "right", a lot said why bother, these products are to old to be relavant others said they were proceeding to do more to test. IMHO What's the right way for one person is wrong for another.

    Do you use prevx1 at all? If you have time take a look at Notok's post yesterday I think and my question to him post 11. He got ill in the middle of the discusion.

    Looks real interesting if it truly captures parasites week ahead of standard scanners.

    Your celtic friend
     
Loading...
Thread Status:
Not open for further replies.