Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!utgpu!water!watnot!watmath!clyde!rutgers!mit-eddie!apollo!arnold From: arnold@apollo.UUCP Newsgroups: comp.unix.wizards Subject: Re: Unix userid conventions Message-ID: <339af4a6.ae48@apollo.uucp> Date: Wed, 11-Mar-87 16:09:00 EST Article-I.D.: apollo.339af4a6.ae48 Posted: Wed Mar 11 16:09:00 1987 Date-Received: Thu, 12-Mar-87 23:58:01 EST References: <4788@brl-adm.ARPA> Reply-To: arnold@apollo.UUCP (Ken Arnold) Organization: Apollo Computer, Chelmsford, MA Lines: 25 In article <4788@brl-adm.ARPA> MARSELLE%gmr.com@RELAY.CS.NET writes: >Until recently, userids on the Suns consisted of users' last >names. Our IBM systems use userids which are unique 6-character >alphanumeric codes obtained by taking a user's Social Security >Number base 36 (or something like that). As far as the user is >concerned, it's a random userid (e.g. QZX1RS). In the interest >of security. the powers that be have decided to use this type of >userid on the Sun system. How about the following: by using your Soc Sec # as your login id, everyone on the system knows everyone else's Soc Sec #. This is pretty absurd. SSN's are a little too useful for accessing info about people to make them public. I sure wouldn't want my SSN to be widely known -- do you? Suggest using bank account #s instead -- that, at least, is only *one* of the peices of info generally available using the SSN. See how they react to *that* suggestion. This is all in addition to the fact that ugly login names are no deterrent whatsoever. My login name is very publicly known -- every time I post to usenet thousands of people can see it. If I want anyone to send me mail *they* get my login name. *Passwords* are the point of security, and many techniques are already available to deal with that. Ken Arnold uucp address: apollo!