Possible Duplicate:
What user names should I disallow?

What potentially misleading user names would you forbid for user registration?

I think of "moderator", "admin", "administrator", "guest", "anonymous".

Do you have other suggestions?

+1  A: 

Two more: root and superuser

Inshallah
Superuser doesn't seem bad.
Evan Fosmark
It does on superuser.com :)
Inshallah
+1  A: 

Your list looks to be a good start. I would also include

  • sa
  • dbo

One very simple, yet effective security measure is just to change the default admin login account names to something non-standard. Very simple way to avoid those who target such accounts specifically.

Chris Ballance
+3  A: 

If other users might get messages from them, you might want to add these to avoid people tricking others into giving up passwords.

  • Support
  • Help
  • AccountServices
JohnFx
+2  A: 

Words with manager, [tech]support, and other common job designation titles. Also if you're going to take out anonymous and moderator, you may also want to take out user and owner.

facepalmd
+6  A: 

Definitely "Robert'); Drop Table Students;--". As shown here.

RBarryYoung
Bobby Tables strikes again!
JohnFx
+1  A: 

You should also avoid names that are offensive, e.g. F*CK*OFF, etc. Don't forget that people will be creative and create spelling variants, like using numbers instead of letters, etc., so you really need a Perl-like processor for this.

We wrote a code-scanner for work, because some programmers would put obscenities in their comments in their code. And one day it appeared on a site because of a bug -- of a reputable major US bank.

Larry Watanabe
Total waste of time, people will always be able to get around this. Have the ability to reset a username, but don't waste time building a system that tries to filter out all the possible permutations of offensive words.
micmcg
+2  A: 

You won't be able to create a blacklist of every possible bad name; even if you try, and get a nice list...

... So, you definitely must have the possibility to modify a user's name (and there has to be some kind of notification sent to him, to inform him of this change; and explaining to him why is really a good idea, so that he doesn't feel too much offended).

You also should clean the names, by filtering out "bad data": an HTML tag (in the case of a website), for instance, should not be allowed in a username, I think -- even if it is properly escaped in every output.

Maybe preventing users from using an email address is a good thing too, so they don't have their address publicly displayed, and don't get loads of spam because of your website (here too, explain to them why!)

Fixing limits on the size of the name might also be a good thing, so that no user can say "My login is 'a', because I'm one of the oldest users"?

Finally, only allowing ASCII characters (letters (only lowercase?), numbers, and a couple of simple symbols) is probably good practice too...

Pascal MARTIN
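The checks from the answer above (character allowlist, no HTML or email addresses, length limits) combined with the reserved names and the digit-for-letter variants raised in the other answers, as an added example that is not code from any poster. The length limits, the allowed symbols, the fragment list and the look-alike table are assumptions chosen for illustration.

```python
import re

# Reserved names collected from the answers on this page.
RESERVED = {
    "moderator", "admin", "administrator", "guest", "anonymous",
    "root", "superuser", "sa", "dbo", "support", "help",
    "accountservices", "user", "owner",
}
# Job-title fragments refused anywhere in the name (assumed, short list).
RESERVED_FRAGMENTS = ("manager", "support")

# Assumed policy values, not taken from the page.
MIN_LEN, MAX_LEN = 3, 20
ALLOWED = re.compile(r"[a-z0-9_.-]+")

# Digit look-alikes folded to letters before the reserved-name comparison.
LOOKALIKES = str.maketrans("013457", "oieast")


def skeleton(name: str) -> str:
    """Lowercase, fold look-alike digits, drop everything else: 'Adm1n_' -> 'admin'."""
    return re.sub(r"[^a-z]", "", name.lower().translate(LOOKALIKES))


def username_problems(name: str) -> list[str]:
    """Return the reasons a requested username is refused (empty list = accepted)."""
    problems = []
    if not MIN_LEN <= len(name) <= MAX_LEN:
        problems.append("length")
    # Allowlist: refuses HTML tags, quotes, spaces, '@' (email addresses), non-ASCII.
    if not ALLOWED.fullmatch(name):
        problems.append("characters")
    # Compare the folded form so 'adm1n' and 'r00t' hit the reserved list too.
    folded = skeleton(name)
    if folded in RESERVED or any(f in folded for f in RESERVED_FRAGMENTS):
        problems.append("reserved")
    return problems
```

The allowlist only narrows what can be registered; parameterised queries and output escaping are still needed wherever the name is stored or displayed.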
+5  A: 

"Jon Skeet"

Steven A. Lowe
ah those deadly quotes again!
lexu
A: 

You can't go wrong forbidding "Adolf Hitler" and "Jeffrey Dahmer".

MusiGenesis