Problem solve Get help with specific problems with your technologies, process and projects.

What is the best security practice for creating/changing user names/IDs?

I am looking for a White Paper or just general information on the creation of and changing of user names -- what is the best security practice for creating/changing user names/IDs? Do you believe once a user name has been created that it should be changed?

I know of no security benefit of changing user names and IDs and can not find anything written which supports it. In fact, quite the opposite, in most organizations users have too many user names/IDs and in the interests of management and maintenances and security the goal is to identify all user IDs that are the same person. Think of changing your name in the real world. The benefit to a name change (other than legal issues such as marriage, divorce) is to confuse creditors, escape debt and other legal issues, to disguise yourself while committing a crime, etc. Also, when legal name changes are made, it is often time-consuming and problematic to get all your credit cards, history and ownership etc moved to the new name. Similar issues exist in IT.

That said, there may be a reason to do so, if for example you have identified a specific ID with a web site logon and saved it in Windows, you may need to change it to match a new identity give to you by the web site. A procedure for doing so can be found at http://support.microsoft.com/default.aspx?scid=kb;en-us;q306541&sd=tech.

Finally, it might be wise to establish a security policy that prohibits or restricts name changes unless there are accompanying legal practices, or some consolidation, or move to single sign on, or merger with other systems that use different naming conventions is required.

Dig Deeper on Windows 10 security and management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.