Q

What is the best security practice for creating/changing user names/IDs?

I am looking for a White Paper or just general information on the creation of and changing of user names -- what is the best security practice for creating/changing user names/IDs? Do you believe once a user name has been created that it should be changed?

I know of no security benefit of changing user names and IDs and can not find anything written which supports it. In fact, quite the opposite, in most organizations users have too many user names/IDs and in the interests of management and maintenances and security the goal is to identify all user IDs that are the same person. Think of changing your name in the real world. The benefit to a name change (other than legal issues such as...

marriage, divorce) is to confuse creditors, escape debt and other legal issues, to disguise yourself while committing a crime, etc. Also, when legal name changes are made, it is often time-consuming and problematic to get all your credit cards, history and ownership etc moved to the new name. Similar issues exist in IT.

That said, there may be a reason to do so, if for example you have identified a specific ID with a web site logon and saved it in Windows, you may need to change it to match a new identity give to you by the web site. A procedure for doing so can be found at http://support.microsoft.com/default.aspx?scid=kb;en-us;q306541&sd=tech.

Finally, it might be wise to establish a security policy that prohibits or restricts name changes unless there are accompanying legal practices, or some consolidation, or move to single sign on, or merger with other systems that use different naming conventions is required.

This was first published in July 2004

Dig deeper on User passwords and network permissions

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close