Security Audit / Duplicate Usernames or UIDs

jmb679

An enhancement suggestion: Add a Security Audit, similar to the Duplicate Password filter, that lists Duplicate Usernames, grouped as in the Duplicate Password filter (and alpha sorted within the group).

jpgoldberg

Hi @jmb679! That is a great question.

There are two schools of thought on this. The one to which I belong says that using something that was never designed to be secret (like usernames) as secrets causes more trouble in the long run then it is worth. I've made this point about the mess we are in with credit card and social security numbers. Most services aren't designed to keep your username secret, and so it would be a very big mistake to come to rely on the secrecy of usernames.

There is one use case using different usernames, and this is for general privacy. If you operate in different environments you may wish to maintain multiple personas. This is actually a very difficult thing to do, as you need to have Persona A and Persona B always use different email addresses on registration forms and so on. 1Password can help with that by allowing you to put your personas in different vaults. But that is only a small part of what is needed to maintain multiple personas securely.

So outside of those sorts of privacy issues, I think that trying to use different usernames may create more trouble than help. However, this is hardly a settled question. There are plenty of very bright people who disagree with me.