I get so fucking tired..
> Say, for instance, your name is Jane Doe and you use janedoe as the username for your account. If a hacker knows your first and last name, a couple of quick guesses (say janedoe or jdoe) and they're halfway to accessing your account
I would not hire this person to do anything with security.
> halfway to accessing your account
If your password is easier to guess than your username, there's something horribly wrong.
@rune To be fair, there are some risks to user enumeration: it helps attackers find valid accounts that they can go and probe for weak passwords. But the solution to that isn't a strong username, it's a strong password. 🤦
@firstname.lastname@example.org I particularly appreciate that the other half of accessing the account is presumably the password, if only i had a way to generate a unique password per service
@evelyn It's kinda the "other half" the same way that the chances of your account getting hacked is 50/50. Either it gets hacked or it doesn't.
@rune It does not make sense even *generously* because how would one even "try" a username without the password?
That's like saying "nuclear arming codes are made of numbers, therefore in only 10 tries someone can guess the first number, leaving only the rest of the code"
Mastodon Community of Denmark (MCD) for Danes and other people to talk about Denmark or whatever.