What is the point in using your username to log in?

SuperInfinity

Why not just have a strong password and no entering of a username, your username just comes up?

There is as little chance that someone will have the exact same properly chosen password as there is that they would have your username + password. Similarly, it would be just as secure, moreso in fact per keystroke.

Coriolanus

What would get displayed above "Registered User"?

starbelgrade

SuperInfinity wrote: »

Why not just have a strong password and no entering of a username, your username just comes up?

Let me guess... you're still using Internet Explorer.

Sinfonia

SuperInfinity wrote: »

Why not just have a strong password and no entering of a username, your username just comes up?

There is as little chance that someone will have the exact same properly chosen password as there is that they would have your username + password. Similarly, it would be just as secure, moreso in fact per keystroke.

Because two people could possibly use the same password. Pretty basic stuff.

KeithM89_old

SuperInfinity wrote: »

There is as little chance that someone will have the exact same properly chosen password ...

Well i hope no one else is using 'password' as their password....

SuperInfinity

Sinfonia wrote: »

Because two people could possibly use the same password. Pretty basic stuff.

But as I just stated, if the passwords are properly chosen then there would be as little chance of that happening as if two people had the exact same username + password.

SuperInfinity

Nevore wrote: »

What would get displayed above "Registered User"?

Your username still comes up, it's just contained within your password. Just like how you don't have to type what date you joined. I didn't answer this immediately because I didn't know what you meant.

Sinfonia

SuperInfinity wrote: »

But as I just stated, if the passwords are properly chosen then there would be as little chance of that happening as if two people had the exact same username + password.

Two people can't have the same username, and that's the point.
When registering, you will be told the username is unavailable if someone else has taken it.
If you were told that somebody was already using the password you've tried to set up an account with, then you could just log in under their account.

And to create suitably intricate passwords as you suggest, would be a pain for some people in terms of remembering it. UN/PW is easier and safer.

Guill

It's just to waste your time OP.

Coriolanus

SuperInfinity wrote: »

But as I just stated, if the passwords are properly chosen then there would be as little chance of that happening as if two people had the exact same username + password.

But since the Interweb Emancipation Act of 2001, people over the age of 35 have been using the internet. They don't understand things like "no, don't use your username as your password. Or the dogs name. No, mam, it's not a really good idea to use your credit card number either. Yes, I know random numbers and letters look hard, but you can write it down somewhere if you really need to. No, not on a piece of paper stuck to the monitor at your desk in the bank you work at."

Edit:

SuperInfinity wrote: »

Your username still comes up, it's just contained within your password. Just like how you don't have to type what date you joined. I didn't answer this immediately because I didn't know what you meant.

Yeah, I know. I was being facetious.

alwaysadub

Just leave yourself logged in.
Problem solved.

SuperInfinity

Sinfonia wrote: »

Two people can't have the same username, and that's the point.

lol, oh yeah. Ok I admit I forgot this. :rolleyes:

Okay what if the first five letters of your password had to be unique? But I still maintain it wouldn't happen anyway, a few more keystrokes and it would very fast be as unlikely as if you typed someone's username and were guessing the passwords.

Sinfonia wrote: »

When registering, you will be told the username is unavailable if someone else has taken it.
If you were told that somebody was already using the password you've tried to set up an account with, then you could just log in under their account.

And to create suitably intricate passwords as you suggest, would be a pain for some people in terms of remembering it. UN/PW is easier and safer.

I get tired of typing them in though. I'm not convinced it's easier (for a particular level of safety).

El Weirdo

SuperInfinity wrote: »

lol, oh yeah. Ok I admit I forgot this. :rolleyes:

Okay what if the first five letters of your password had to be unique?

I know, let's just leave it as it is, ok?

SuperInfinity wrote: »

I get tired of typing them in though. I'm not convinced it's easier.

What sort of 1990s browser are you using that doesn't have autofill for your usernames?

Sinfonia

SuperInfinity wrote: »

lol, oh yeah. Ok I admit I forgot this. :rolleyes:

Okay what if the first five letters of your password had to be unique?

XD I admire your obduracy my good man.

You should have chosen a shorter username :P

Pauleta

I think you should need a semen sample to log in

ejmaztec

SuperInfinity wrote: »

lol, oh yeah. Ok I admit I forgot this. :rolleyes:

Okay what if the first five letters of your password had to be unique? But I still maintain it wouldn't happen anyway, a few more keystrokes and it would very fast be as unlikely as if you typed someone's username and were guessing the passwords.



I get tired of typing them in though. I'm not convinced it's easier (for a particular level of safety).

You could always solve this by not logging in at all.:p

Sinfonia

Pauleta wrote: »

I think you should need a semen sample to log in

I would think semen samples are generally produced immediately before leaving a website :P

bleg

If you type your password in here it comes up as ********* to other users.

copacetic

Pauleta wrote: »

I think you should need a semen sample to log in

Whose?

ocallagh

Two important security features of a username:

With just one password, you will never be able to associate a failed login attempt with an account.
A username can safely be used as a unique identifier.

Sinfonia

bleg wrote: »

If you type your password in here it comes up as ********* to other users.

blegisabiggay6969 omfgz it works!!

KeithM89_old

bleg wrote: »

If you type your password in here it comes up as ********* to other users.

'erectileDysfunction'



Does it??
:pac:

Black Swan

Pauleta wrote: »

I think you should need a semen sample to log in

What if you have more than one b/f? Have multiple accounts?

Red Hand

Black Swan wrote: »

What if you have more than one b/f? Have multiple accounts?

And what if you were a heterosexual male and didn't have a boyfriend? Log in with an egg?

Sinfonia

Jeremiah 16:1 wrote: »

And what if you were a heterosexual male and didn't have a boyfriend? Log in with an egg?

Look down.

foxinsox

Nevore wrote: »

But since the Interweb Emancipation Act of 2001, people over the age of 35 have been using the internet. They don't understand things like "no, don't use your username as your password. Or the dogs name. No, mam, it's not a really good idea to use your credit card number either. Yes, I know random numbers and letters look hard, but you can write it down somewhere if you really need to. No, not on a piece of paper stuck to the monitor at your desk in the bank you work at."

But since the Internet was invented by people who are over 35 now, the Information Super Highway Emancipation Act of 1969, code III Sub. IV states that people under the age of 35 cannot make such vast generalisations as their generalisations may deem to be biased towards their experience only with their ma.

http://en.wikipedia.org/wiki/Timeline_of_popular_Internet_services

Gordon

SuperInfinity wrote: »

But as I just stated, if the passwords are properly chosen then there would be as little chance of that happening

Ah if only the world was perfect.

Liam Byrne

SuperInfinity wrote: »

But as I just stated, if the passwords are properly chosen then there would be as little chance of that happening as if two people had the exact same username + password.

You're dealing with the public....you can't rely on stuff like that.

OutlawPete

OP, if you were able to do that from tomorrow, then the password you would choose, would most likely have to be so complex (must contain ten charters, four digits and a ex girlfriend's phone number) that it would take you just as long to type it in, as it does now to type in both.

Knasher

SuperInfinity wrote: »

Okay what if the first five letters of your password had to be unique?

That's equivalent to putting a limit of 5 letters to user names. It's safe enough then but you haven't really saved anything by doing it and you have put an upper limit on the number of registered users.

Just to be exact, if you only allow letters and numbers you would be limiting yourself to 376992 users only. (and to take it a little further, boards passed that number in September last year)

red menace

“Before I broke into the IT racket,” Scott Simons writes, “I was a front-line Customer Service Rep. At the time, the procedure for logging into our service management system was a bit puzzling.”
“Like many organizations, your User ID was assigned by the company, but you had to choose your own password. But instead of having a screen to do that, you had to fill out a Password Request Form and fax it corporate headquarters. And then things got strange.
“There was a 50/50 chance that corporate would reject your password. There was no rhyme or reason, such as not having enough numeric characters, or anything like that. It was just a simple notice, sent back via fax: Your password was not created. Please choose a different password.
“Actually, their rejection messages weren’t always so simple. I decided to change my password one day to something more secure – two mixed-case passwords with numbers and special characters – but IT rejected it because they couldn’t read my handwriting. I typed out my secure password and then refaxed it. They responded that they changed my password... but not to what I picked: they just randomly chose some word, like frequency. Evidently they were tired of dealing with me.

“And then, one day, everything clicked. I became enlightened when I mistakenly typed in a password that I had unsuccessfully requested at one time in the past: instead of a invalid credentials message, I found myself logged in as a completely different user.
“A little testing (at other people’s workstations, just in case) confirmed my incredible suspicion: the User ID field on the login screen was a dummy. The login script looked only at the password field, comparing it to the list of passwords; if it matched, you were logged in as the user who owned that password, regardless of what User ID you had entered into the screen. The reason that passwords were sometimes rejected was simply that each user had to have a unique password for this ‘security’ scheme to work.
“I guess you could call it could call it fake one-factor authentication? Or half-factor authentication?
“After playing around a bit more, it was really easy to find some poorly-thought out passwords that belonged to users with much more powerful system permissions than mine. I believe one of them was a sales manager in Boston, who was apparently fond of kittens.
“I never chose to wreak any havoc with this knowledge – or even share this crazy scheme with my coworkers – but I’m glad I can finally tell someone about it today.

I also work in IT and I know people are using the most retarded passwords ever
My current password is touching 30 characters long, it sometimes takes me more than one attempt to get it right