Topic: Username login security?

Can we have upper / lower case enforcement on the username for the login screen?

Right now to login any combination of upper or lower case letters logs in successfully

Admin
is the same as
admin
or
aDmin
or admiN

all work.

Username is half the login key, should have same check as passwords ...

Thanks!!

Re: Username login security?

I agree..

Re: Username login security?

I am not so sure about this. It is very common to let the username be case insensitive.
It is more important that the password is strong. And, really, this is not a Fort Knox issue.

Joe

Re: Username login security?

@joe
I like the Fort Knox analogy... smile big_smile
I still agree that we need a stronger userid. Most of the sites I visit now have userid rules (not passwords only). This admin is very trivial... of course users need to change it anyway..

5 (edited by Technicavolous 07/21/2021 04:28:50 pm)

Re: Username login security?

Thanks for the reply and consideration.

More and more user / pass is looking at user rules. I used admin as example, we had set up users with upper / lower case and characters and determined case was insensitive. It's nothing new -

https://passwordbits.com/usernames-need-unique/

just for your consideration ...

Thanks!!

Re: Username login security?

@joe , basically we have md5 encryption,  which is ok for Password. But now a days. Securing our framework is more important.  Than enhancing it. People are looking with two step authentications to prevent unknown tries.  But I feel the username case sensitive is a good to have for customers.