User talk:Earl Jacksboro

This user's request to be unblocked to request a change in username has been reviewed by an administrator, who declined the request. Other administrators may also review this block, but should not override the decision without a good reason (see the blocking policy). Do not remove this unblock review while you are blocked.

Earl Jacksboro (block log • active blocks • global blocks • autoblocks • contribs • deleted contribs • filter log • creation log • change block settings • unblock • checkuser (log))

---

Requested username:

Denj7uiqbqvdktdnagu8i4fsyjcpo (talk · contribs · deleted contribs · logs · filter log · block user · block log)

Decline reason:

old name is still identical to new one. Please choose a new username which is not confusing. — The Evil Spartan (talk) 01:16, 25 May 2008 (UTC)

Denj7uiqbqvdktdnagu8i4fsyjcpo (talk) 00:59, 25 May 2008 (UTC)

Denj7uiqbqvdktdnagu8i4fsyjcpo → Earl Jacksboro

Your request to be unblocked has been granted for the following reason(s): Allowing username change to Earl Jacksboro (talk · contribs). Please put this request in at Wikipedia:Changing username as soon as possible to avoid re-blocking. Request handled by: Mangojuicetalk 14:06, 26 May 2008 (UTC)

• Current name: Denj7uiqbqvdktdnagu8i4fsyjcpo (talk · contribs · deleted contribs · logs · target logs · block log · list user · global contribs · central auth · Google) (ping user)
• Requested name: Earl Jacksboro (talk · contribs · deleted contribs · logs · target logs · block log · list user · global contribs · central auth · Google)
• Previous renames: current user, target user, Queue: open req, closed req
• For global renamer: rename user
• Reason: Complying with rules that seem to prohibit random (and thus secure) names. Denj7uiqbqvdktdnagu8i4fsyjcpo (talk) 11:34, 25 May 2008 (UTC)

• • I will leave it to the admins already involved with your request to arrange your name change. But please note that you are apparently incorrect in one important aspect; specifically, security rests with your password, not with your username. Anyone can see your username; no-one can see your password. --Anthony.bradbury^"talk" 12:58, 26 May 2008 (UTC)

• • Thanks Anthony. Oh, this is a matter of best practice. Security-wise... a complex userid will defeat certain attack vectors for most systems, and that's why I am in the habit of using one like that as a best practice. You can look at it this way: A complex userid will *not* weaken security, but it certainly can help. My online banking id's, for example, are complex, long, and random, as are the passwords. An adversary would find it (next to) impossible to brute force my ID, let alone get as far as trying to brute force the password. Of course, banking security models are more sophisticated than this system's, and thus the userids are *not* publically visible.

In the case of this system, since userids are visible, I'd agree it doesn't make a difference for an adversary who is harvesting userids from public info, and then attacking. I would thus have an issue with a lame security design that allows any logon information to be visible in the first place, instead of using an "alias" that is *not* used to logon, as the public identifier.

But, no matter. I just want to add some info to a Wiki item, and of course will follow the standards here.Denj7uiqbqvdktdnagu8i4fsyjcpo (talk) 15:22, 26 May 2008 (UTC)

Keep in mind here that your account has very little value, since if it is compromised, you can always just create a new one (as opposed to, say, your banking accounts, which are very valuable). But if you are worried about such a situation, you might consider using Template:User committed identity as a backup. Mangojuice^talk 17:17, 27 May 2008 (UTC)