Two GCC stories
Posted Jul 7, 2010 18:24 UTC (Wed) by nix
In reply to: Two GCC stories
Parent article: Two GCC stories
This person admitted the obvious that "NightStrike" is not real. AFAIK only he and his sympathisers suggested in later editorial comments that a "real-enough" but fake name might have been acceptable.
But how would you have known if it wasn't
? Ignoring someone who points out a huge gaping flaw in your security policy because you don't like their name is not clever.
As for better authenticators, well, you've already mentioned things like home addresses, phone numbers, et seq. Of course all of these are fakeable: one must estimate the determination of possible attackers when figuring out which to rely on. But NightStrike is quite right that relying on 'a real-sounding name' gives you nothing: it drives away those who wish to or must use pseudonyms while failing to keep out any bad guys at all.
to post comments)