Hacking and password security and all that kind of junk has been all up in the news lately, and this Dropbox breach is just the latest story I heard about today. This particular one was a breach that appears to have allowed a user to bypass the password and gain access using only the username for an account. That sucks, and maybe this kind of thing is preventable by adding another level of randomization. Everyone should know by now that you should be using random passwords and storing them with a tool like 1Password. Well, using a password manager like this means you don't really have to know the username either, so why not add another level of security, however small it might be? I'd like to do some more in-depth research on this and see if randomizing the username actually does increase security, and by how much.

Even usernames that require an email address can have some randomization added to them. Just about any host should allow you to create an "email alias" that will forward to your regular email address. For example, instead of yourname@example.com, set your login for Facebook to use something like fb-ia6vcmwuq1@example.com.
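The alias scheme described above, as an added example that is not part of the original post: it generates per-service login aliases in the `fb-ia6vcmwuq1@example.com` style from the OS CSPRNG and reports how many bits of guessing entropy the random part contributes. The function names, the service tags and the 10-character token length are assumptions modelled on the alias shown in the post.

```python
import math
import re
import secrets
import string

# Lowercase letters and digits, matching the style of the alias in the post.
ALPHABET = string.ascii_lowercase + string.digits
MAX_LOCAL_PART = 64  # RFC 5321 limit on the part before the "@"


def make_alias(service_tag, domain, length=10):
    """Return a login alias such as fb-ia6vcmwuq1@example.com (hypothetical helper)."""
    if not re.fullmatch(r"[a-z0-9]+", service_tag):
        raise ValueError("service tag must be lowercase letters/digits")
    if length < 1:
        raise ValueError("length must be positive")
    # secrets draws from the OS CSPRNG; the random module would be predictable.
    token = "".join(secrets.choice(ALPHABET) for _ in range(length))
    local = f"{service_tag}-{token}"
    if len(local) > MAX_LOCAL_PART:
        raise ValueError("local part exceeds 64 characters")
    return f"{local}@{domain}"


def alias_entropy_bits(length=10):
    """Bits of guessing entropy contributed by the random token alone."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    for tag in ("fb", "bank", "shop"):  # constructed service tags
        print(make_alias(tag, "example.com"))
    print(f"{alias_entropy_bits():.1f} bits in a 10-character token")
```

The entropy figure only holds while the alias stays private; once a service leaks or displays it, the alias is as guessable as any other known username.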

I think this is something I'm going to start doing, but obviously it's not going to work for everything. Having a randomized Twitter username, for example, would probably not be the best choice.

2 Responses to Random Usernames

  1. Zuhaib says:

    Or use a cloud file sharing service that takes security seriously… I would post a link to one but I don't want to spam your blog since I work for them 😉

    But random usernames, while they sound great in theory, would be really hard to share with someone on the fly. Just think about saying "Hey please upload that file and share it with me, my username is Xee23r4345". In reality the Dropbox guys really just need some good QA and to tell the users what they really are: an easy way to share files, not securely.

    • cobweb says:

      Hah nice. Yeah but that's not really what I'm talking about. And people already are sharing stuff with ridiculous user names as it is. ICQ numbers are pretty random etc. Obviously Dropbox has some problems, but I don't think random usernames for authentication is such a bad idea. Many financial institutions already do this, so why not take it to your personal stuff as an added layer of protection?

