Solved

Security Concern: Usernames in Email Addressed

Posted on 2007-03-28
2
258 Views
Last Modified: 2011-09-20
Our organization currently assigns email accounts for our staff using their username…

Example: If the username is smith123, then their email address is smith123@ourcompany.com

When we consider security, we now realize this isn’t the preferred method of assigning email accounts. Now the decision/question is do we…

A) Reassign email accounts, change all the business cards, contact everyone that has our emails addresses on record and hope they update their records… OR

B) Change the usernames, make changes in all the programs the reference these usernames in hardcode, watch for any anomalies and hope nothing is failing ‘under the hood.’

Another option/question is how vulnerable are we to leave things the way they are? If passwords consist of eight complex characters (a-z,A-Z,0-9, !-$), would bumping this up to 10 charters be the ‘easy’ solution?
0
Comment
Question by:todjklki
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 27

Accepted Solution

by:
Tolomir earned 63 total points
ID: 18809649
I would simply start with additional official email addresses.

like firstname_surname@company.com (or j.sixpack@company.com)

The now active email addresses could be kept, just when it's time to make new business cards use the new email address. Also change the signatures in your emails to match the new email-addresses.

After a year or two the "old" email addresses will be forgotten by your business partners, within company you can use them as long as you wish.

Tolomir
0
 
LVL 32

Assisted Solution

by:r-k
r-k earned 62 total points
ID: 18812288
Good advice from Tolomir. I just want to add that IMO a 10-char password is always much much better than an 8-char password. In fact length of the password is much more important than the complexity, so long as single dictionary words and common names are avoided.

Whether you should change the email addresses right-away or use Tolomir's suggestion depends on your particular security requirement. In a highly secure environment, probably yes, but other steps such as firewall, lock-outs, password length etc. are surely more important than hiding usernames.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question