LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

usernames

usernames

Posted Oct 29, 2012 13:19 UTC (Mon) by sorpigal (subscriber, #36106)
In reply to: usernames by tialaramex
Parent article: Sunday's kernel releases

Everyone has this problem and the solution is simple: Guarantee uniqueness by assigning every person a unique number. The problems with this are that people feel numbers to be impersonal (as if most of these schemes are not!) and that numbers can be harder to remember or distinguish from other numbers. Attempts to avoid this problem with clever schemes will, as you point out, lead to trouble[0].

There are no good answers, but here's a bad one that I like: assign each person a name-based username and then *always append a numeric suffix*, so that each name is e.g. firstname.lastname.123@host. Of course you have to deal with the fact that nobody really knows what a name is[1], allow for exceptions and never hard-code this assumption in to any software.

Perhaps the best way to name people is to use something like DNS. A unique number that identifies plus a global name-to-number resolution system, which is non-authoritative and permitted to change over time, geography, etc.. Of course, then you'd need to know he point in time and locality to know how to resolve the name... which is pretty much where we are now.

[0]: http://thedailywtf.com/Articles/The-Automated-Curse-Gener...
[1]: http://www.kalzumeus.com/2010/06/17/falsehoods-programmer...

(Log in to post comments)

usernames

Posted Oct 29, 2012 13:31 UTC (Mon) by ledow (guest, #11753) [Link]

Now imagine you have a class of 30 6-to-11-year-olds, all with unique numbers, all waiting to log into the ICT Suite. It's their first lesson, you're the teacher... see how much you get done.

You can't even GUESS at their username, because it's numeric. They won't remember it, even months later. You will have to print little cards with their usernames on, which they will be unable to read until years after they've started (BY LAW!) using computers in a network environment so the teacher has to go around one-by-one logging them in.

Not saying it's insurmountable (it's not - for a start, I push for dongle-logins because it's just easier even if they lose them in the first five minutes), but it's a problem.

Hence why humans memorise alphabetised mnemonics (i.e. a username based on their name) and let the computer convert it to a unique identifier (i.e. user-SID or equivalent).

The only place that gives me a numeric username is the UK's Government Gateway (which also needs several highly-secure passwords and security procedures to access because it lets you do everything from file your taxes to renew your driving licence). And that's been phased out because they get so much hassle with people forgetting their logins and they're planning to tie it into email addresses or social network accounts or similar.

We use usernames for a reason. If I wanted to use numbers, I'd just allocate them a login-dongle of some kind. Good luck tracking down user123127854738's history on all your systems, even if you *do* implement logging and searching. And username auditing (is this account still in use?), and lots of other boring admin tasks which are solved by using some variation of real name even despite the inherent namespace problem.

usernames

Posted Oct 29, 2012 18:01 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link]

>You can't even GUESS at their username, because it's numeric

Tattoo it on their foreheads. Make it a barcode for easy machine readability.

Duh, that one was easy.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds