F13: only others user is available at login
Bruno Wolff III
bruno at wolff.to
Tue Feb 23 05:29:11 UTC 2010
On Mon, Feb 22, 2010 at 09:59:56 +0000,
Alan Milnes <asm at linux.com> wrote:
>
> To login you need the username and password - why help the bad guys by
> giving them 50% of the information they need?
Usernames typcially have a lot less entropy than passwords. You should be
giving your opponents no where near 50% of the information they need to
guess a valid username password combination by giving them a list of usernames.
More information about the test
mailing list