User talk:Earl Jacksboro

From Wikipedia, the free encyclopedia

This blocked user (block log | autoblocks | unblock | contribs) has asked to be unblocked, but one or more administrators has reviewed and declined this request. Other administrators can also review this block, but should not override the decision without good reason (see the blocking policy). This unblock request continues to be visible. Do not replace this message with another unblock request.

Request reason: "This user has requested to be unblocked so that he/she can file a request on Wikipedia:Changing username to change his/her name to Denj7uiqbqvdktdnagu8i4fsyjcpo (talk · contribs)."

Decline reason: "old name is still identical to new one. Please choose a new username which is not confusing. — The Evil Spartan (talk) 01:16, 25 May 2008 (UTC)"

Denj7uiqbqvdktdnagu8i4fsyjcpo (talk) 00:59, 25 May 2008 (UTC)

[edit] Denj7uiqbqvdktdnagu8i4fsyjcpo → Earl Jacksboro

Your request to be unblocked has been granted for the following reason(s):

Allowing username change to Earl Jacksboro (talk · contribs). Please put this request in at Wikipedia:Changing username as soon as possible to avoid re-blocking.

Request handled by: Mango juice^talk 14:06, 26 May 2008 (UTC)

Current name: Denj7uiqbqvdktdnagu8i4fsyjcpo (talk · contribs · logs · block log)
Requested name: Earl Jacksboro (SUL conflicts?) (rename user)
Reason: Complying with rules that seem to prohibit random (and thus secure) names. Denj7uiqbqvdktdnagu8i4fsyjcpo (talk) 11:34, 25 May 2008 (UTC)

- I will leave it to the admins already involved with your request to arrange your name change. But please note that you are apparently incorrect in one important aspect; specifically, security rests with your password, not with your username. Anyone can see your username; no-one can see your password. --Anthony.bradbury^"talk" 12:58, 26 May 2008 (UTC)

- Thanks Anthony. Oh, this is a matter of best practice. Security-wise... a complex userid will defeat certain attack vectors for most systems, and that's why I am in the habit of using one like that as a best practice. You can look at it this way: A complex userid will *not* weaken security, but it certainly can help. My online banking id's, for example, are complex, long, and random, as are the passwords. An adversary would find it (next to) impossible to brute force my ID, let alone get as far as trying to brute force the password. Of course, banking security models are more sophisticated than this system's, and thus the userids are *not* publically visible.

In the case of this system, since userids are visible, I'd agree it doesn't make a difference for an adversary who is harvesting userids from public info, and then attacking. I would thus have an issue with a lame security design that allows any logon information to be visible in the first place, instead of using an "alias" that is *not* used to logon, as the public identifier.

But, no matter. I just want to add some info to a Wiki item, and of course will follow the standards here.Denj7uiqbqvdktdnagu8i4fsyjcpo (talk) 15:22, 26 May 2008 (UTC)

Keep in mind here that your account has very little value, since if it is compromised, you can always just create a new one (as opposed to, say, your banking accounts, which are very valuable). But if you are worried about such a situation, you might consider using Template:User committed identity as a backup. Mango juice^talk 17:17, 27 May 2008 (UTC)

User talk:Earl Jacksboro

From Wikipedia, the free encyclopedia

[edit] Denj7uiqbqvdktdnagu8i4fsyjcpo → Earl Jacksboro

Views

Navigation

Interaction

Search