Security failure: requiring that users create an account with a minimum or maximum account name size.

Why it’s a problem:

  • Ham radio operators often like to use their world-unique radio callsigns to identify themselves, and those callsigns are frequently four or five characters long. So they’ll need to resort to using their given names.
  • People with relatively common given names will find that they can’t even use their own name as an account name, so they resort to made-up names, or worse – using their given name along with a year of birth, creating an even bigger security risk.

Also, in your user feedback, don’t tell users how to social-engineer your security team. A simple and vague “input prohibited” would suffice, particularly if they’re trying to include something that your software or wetware tends to stumble over.
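
One way to keep the user-facing message vague while still recording the specific reason for operators, as an added example (not code from the original post). The character rules, logger name and function names are assumptions made for illustration, and there is deliberately no minimum or maximum length rule.

```python
import logging
import unicodedata

log = logging.getLogger("signup")   # operator-side channel (hypothetical name)
USER_MESSAGE = "input prohibited"   # the vague wording suggested above
EXTRA_OK = "._-"                    # hypothetical allow-list beyond letters/digits


def rejection_reason(name):
    """Return a specific internal reason, or None if the name is acceptable.

    No length rule: a four-character callsign passes just like a long name.
    """
    if name == "":
        return "empty"
    for ch in name:
        # Unicode categories Cc/Cf/Cs/Co/Cn: control, format, unassigned, etc.
        if unicodedata.category(ch).startswith("C"):
            return f"control/format character U+{ord(ch):04X}"
    if unicodedata.normalize("NFKC", name) != name:
        return "not NFKC-normalized (compatibility forms)"
    for ch in name:
        if not (ch.isalnum() or ch in EXTRA_OK):
            return f"disallowed character U+{ord(ch):04X}"
    return None


def check_account_name(name):
    """Return (accepted, message_for_user). The detail goes only to the log."""
    reason = rejection_reason(name)
    if reason is None:
        return True, ""
    # %r keeps control characters escaped so the log line cannot be forged.
    log.warning("account name rejected reason=%s name=%r", reason, name)
    return False, USER_MESSAGE


if __name__ == "__main__":
    # Constructed samples: a short callsign-style name, a NUL byte,
    # full-width look-alike characters, and an embedded space.
    for sample in ["K1AB", "bob\x00", "\uff57\uff11\uff41\uff57", "a b"]:
        print(repr(sample), check_account_name(sample))
```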
