Wait, is Bitwarden seriously peddling shit about having a difficult-to-guess username? They're not passwords, they're nonsensitive handles that are displayed in all social apps ffs...


> Say, for instance, your name is Jane Doe and you use janedoe as the username for your account. If a hacker knows your first and last name, a couple of quick guesses (say janedoe or jdoe) and they're halfway to accessing your account

I would not hire this person to do anything with security.

Passwords and two-factor are the only things that help with account security, and I can't believe we're clouding the topic when we can't even get people to do that.


> halfway to accessing your account

If your password is easier to guess than your username, there's something horribly wrong.

@rune To be fair, there are some risks to user enumeration: it helps attackers find valid accounts that they can go and probe for weak passwords. But the solution to that isn't a strong username, it's a strong password. 🤦

@rune@mcd.dk I particularly appreciate that the other half of accessing the account is presumably the password, if only I had a way to generate a unique password per service

@evelyn It's kinda the "other half" the same way that the chances of your account getting hacked are 50/50. Either it gets hacked or it doesn't.

@rune It does not make sense even *generously* because how would one even "try" a username without the password?
That's like saying "nuclear arming codes are made of numbers, therefore in only 10 tries someone can guess the first number, leaving only the rest of the code"
