Security Concern: Usernames in Email Addressed
Posted on 2007-03-28
Our organization currently assigns email accounts for our staff using their username…
Example: If the username is smith123, then their email address is firstname.lastname@example.org
When we consider security, we now realize this isn’t the preferred method of assigning email accounts. Now the decision/question is do we…
A) Reassign email accounts, change all the business cards, contact everyone that has our emails addresses on record and hope they update their records… OR
B) Change the usernames, make changes in all the programs the reference these usernames in hardcode, watch for any anomalies and hope nothing is failing ‘under the hood.’
Another option/question is how vulnerable are we to leave things the way they are? If passwords consist of eight complex characters (a-z,A-Z,0-9, !-$), would bumping this up to 10 charters be the ‘easy’ solution?