07-23-2008, 05:30 PM
Unruh

Re: sequential number user name convention - security concern

humbleFunGuy <imohammed786@hotmail.com> writes:

>I am wondering if there is any article or best practice on how to
>select convention for user names. We are in the planning stages of
>setting up convention for user names for our company. These user
>names will be used for all employees. We have a lot of employees.


>We are considering using the following convention:
>Assume my company is General Electric.

>GE000000001
>GE000000002

>So all the usernames will be sequential.


Yaaagraeedgsenyme. Why? To make sure that your users have as hard a time
as possible remembering their usernames? Why not throw in $^*(^*&)(*)#$# as
well into the usernames. It makes them even harder to remember-- and random
upper case.


>I have a security concern with this approach. One can easily write code
>to sequence through user names and attempt a brute force attack. Is


A user name is "public". You must expect that anyone's username is known to
any adversary. There is no security in usernames. The security comes from
the passwords. That is where you should be spending your time.


>this vulnerability about the same as if we select user names that
>follow a standard user name convention such as jsmith or gwbush, or is
>using sequential numbers as usernames more vulnerable?



>Thanks,


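An added example, not part of the original post: if usernames such as GE000000001 are treated as known to everyone, a defender can still watch failed logins for a single source walking consecutive user numbers, a pattern that per-account failure counters miss when each account sees only one attempt. The log format, field names and sample lines below are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the original post); the format is assumed.
SAMPLE_LOG = """\
2008-07-23T17:30:01 FAIL user=GE000000101 src=203.0.113.7
2008-07-23T17:30:02 FAIL user=GE000000102 src=203.0.113.7
2008-07-23T17:30:03 FAIL user=GE000000103 src=203.0.113.7
2008-07-23T17:30:04 FAIL user=GE000000104 src=203.0.113.7
2008-07-23T17:30:05 FAIL user=GE000000105 src=203.0.113.7
2008-07-23T17:31:10 FAIL user=GE000000042 src=198.51.100.20
2008-07-23T17:31:15 FAIL user=GE000000042 src=198.51.100.20
2008-07-23T17:31:20 OK   user=GE000000042 src=198.51.100.20
2008-07-23T17:32:00 FAIL user=GE000000106 src=203.0.113.7
"""

# status, username prefix, numeric part, source address
LINE_RE = re.compile(r"^\S+\s+(OK|FAIL)\s+user=([A-Z]+)(\d+)\s+src=(\S+)$")

def longest_run(numbers):
    """Length of the longest run of consecutive integers in a set."""
    best = 0
    for n in numbers:
        if n - 1 not in numbers:  # n is the start of a run
            length = 1
            while n + length in numbers:
                length += 1
            best = max(best, length)
    return best

def find_sweeps(log_text, min_run=5):
    """Return {src: (distinct_users, longest_consecutive_run)} for sources
    whose failed logins cover at least min_run consecutive user numbers."""
    failed = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(1) == "FAIL":
            failed[m.group(4)].add(int(m.group(3)))
    result = {}
    for src, ids in failed.items():
        run = longest_run(ids)
        if run >= min_run:
            result[src] = (len(ids), run)
    return result

if __name__ == "__main__":
    for src, (users, run) in find_sweeps(SAMPLE_LOG).items():
        print(f"{src}: {users} usernames tried, {run} in sequence")
```

The user who mistyped a password twice before logging in is not flagged, because the check keys on how many consecutive accounts one source touched rather than on failures per account.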