A Minor Note on the Myth of admin
12 February 2017
admin
This evening, I was looking at a record of recent failed attempts to log into this 'blog. I found that relatively few attempts tried to do so with the popular username of
, whereäs by far the majority were with the username admin
(that it to say with the second-level domain name). There is not and never has been an account here with username oeconomist
; the would-be intruder was guessing mistakenly — but not unreasonably. If my logs are representative, then having an account name match a second-level domain name is less secure than having it be oeconomist
. With people avoiding admin
, it is natural for crackers to try other likely candidates, including candidates whose probabilities are conditional upon the domain names.admin
Mind you that the reasoning of my earlier explanation of why the avoidance of
doesn't add a discernible amount of security if passcodes are properly selected can be applied to avoiding a username that matches a domain name. An account with a known username and a well-chosen password of m+n characters is more secure than an account with a secret m-character username and an n-character password.admin
Choose a username that pleases you. Choose a password that is long and that looks like chaos, and make occasional changes to it.
Tags: cracking, hacking, passwords, security, user identification, usernames
Leave a Reply