PDA

View Full Version : sequential number user name convention - security concern.



humbleFunGuy
07-17-08, 05:46 PM
I am wondering if there is any article or best practice on how to
select convention for user names. We are in the planning stages of
setting up convention for user names for our company. These user
names will be used for all employees. We have a lot of employees.

We are considering using following convention:
Assume my company General Electric.

GE000000001
GE000000002

So all the usernames will be sequentials.

I have security concern with this approach. One can easily write code
to sequence through user names and attempt brute force attack. Is
this volunerability about the same as if we select user name that
follow standard user name convention such as jsmith or gwbush or using
sequential numbers as username is more volunerable?

Thanks,