Ask HN: Login Name as Alternative to Username

Y	Hacker News new \| ask \| show \| jobs

3 points by anonHash 1916 days ago

Noticed MSN account was getting multiple sign in attempts a day from IP addresses in Russia or Africa. Realizing it had become a target, I could assign phone number as primary login. And remove login via email address.

Thinking about making this a generic security practice. For all accounts with public facing usernames.

Is this something talked about in security circles? I have to go through workarounds to make this possible for certain accounts. So this is not easy.

1 comments

onlinejk 1916 days ago

To clarify, am I right to interpret this:

* "I could assign phone number as primary login"

... as equal to this:

* Change old login value (wasabi@weasel.tv) to new login value (3035551212)

If so, personally I wouldn't like that most of my usernames were going to be same. I realize different usernames is security through obscurity at best, but that is my initial reaction.

link

anonHash 1916 days ago

I agree.

If username is public, then it is not secure by obscurity. Email addresses for email account are public. So by changing login from email address to phone number we enhance security.

At the same time, we change it to a unique username instead of phone number we also enhance security.

link