<div>
<div class="content wysiwyg-content">
Our organization currently assigns email accounts for our staff using their username…<br />
<br />
Example: If the username is smith123, then their email address is smith123@ourcompany.com<br />
<br />
When we consider security, we now realize this isn’t the preferred method of assigning email accounts. Now the decision/question is do we…<br />
<br />
A) Reassign email accounts, change all the business cards, contact everyone that has our emails addresses on record and hope they update their records… OR<br />
<br />
B) Change the usernames, make changes in all the programs the reference these usernames in hardcode, watch for any anomalies and hope nothing is failing ‘under the hood.’<br />
<br />
Another option/question is how vulnerable are we to leave things the way they are? If passwords consist of eight complex characters (a-z,A-Z,0-9, !-$), would bumping this up to 10 charters be the ‘easy’ solution?
</div>
</div>


Our organization currently assigns email accounts for our staff using their username…

Example: If the username is smith123, then their email address is smith123@ourcompany.com

When we consider security, we now realize this isn’t the preferred method of assigning email accounts. Now the decision/question is do we…

A) Reassign email accounts, change all the business cards, contact everyone that has our emails addresses on record and hope they update their records… OR

B) Change the usernames, make changes in all the programs the reference these usernames in hardcode, watch for any anomalies and hope nothing is failing ‘under the hood.’

Another option/question is how vulnerable are we to leave things the way they are? If passwords consist of eight complex characters (a-z,A-Z,0-9, !-$), would bumping this up to 10 charters be the ‘easy’ solution?

Security Concern: Usernames in Email Addressed

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.