{"id":9120,"date":"2017-02-12T20:55:37","date_gmt":"2017-02-13T04:55:37","guid":{"rendered":"http:\/\/www.oeconomist.com\/blogs\/daniel\/?p=9120"},"modified":"2017-02-17T16:04:27","modified_gmt":"2017-02-18T00:04:27","slug":"a-minor-note-on-the-myth-of-admin","status":"publish","type":"post","link":"https:\/\/www.oeconomist.com\/blogs\/daniel\/?p=9120","title":{"rendered":"A Minor Note on the Myth of <q><code style=\"font-weight: bolder ;\">admin<\/code><\/q>"},"content":{"rendered":"<p>This evening, I was looking at a record of recent failed attempts to log into this &#39;blog.  I found that relatively few attempts tried to do so with the popular username of <q><code>admin<\/code><\/q>, where&auml;s by far the majority were with the username <q><code>oeconomist<\/code><\/q> (that it to say with the second-level domain name).  There is not and never has been an account here with username <q><code>oeconomist<\/code><\/q>; the would-be intruder was guessing mistakenly &mdash; but not unreasonably.  If my logs are representative, then having an account name match a second-level domain name is less secure than having it be <q><code>admin<\/code><\/q>.  With people avoiding <q><code>admin<\/code><\/q>, it is natural for crackers to try other likely candidates, including candidates whose probabilities are conditional upon the domain names.<\/p> <p>Mind you that the reasoning of <a href=\"?p=8197\">my earlier explanation of why the avoidance of <q><code>admin<\/code><\/q> doesn't add a discernible amount of security if passcodes are properly selected<\/a> can be applied to avoiding a username that matches a domain name.  An account with a <em>known<\/em> username and a well-chosen password of <var>m<\/var>+<var>n<\/var> characters is <em>more<\/em> secure than an account with a secret <var>m<\/var>-character username and an <var>n<\/var>-character password.<\/p> <p>Choose a username that pleases you.  Choose a password that is long and that looks like chaos, and make occasional changes to it.<\/p>","protected":false},"excerpt":{"rendered":"This evening, I was looking at a record of recent failed attempts to log into this &#39;blog. I found that relatively few attempts tried to do so with the popular username of admin, where&auml;s by far the majority were with the username oeconomist (that it to say with the second-level domain name). There is not [&hellip;]","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"footnotes":""},"categories":[6,69,4],"tags":[1078,1080,325,744,1396,327],"class_list":["post-9120","post","type-post","status-publish","format-standard","hentry","category-commentary","category-information-technology","category-public","tag-cracking","tag-hacking","tag-passwords","tag-security","tag-user-identification","tag-usernames"],"_links":{"self":[{"href":"https:\/\/www.oeconomist.com\/blogs\/daniel\/index.php?rest_route=\/wp\/v2\/posts\/9120","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.oeconomist.com\/blogs\/daniel\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.oeconomist.com\/blogs\/daniel\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.oeconomist.com\/blogs\/daniel\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.oeconomist.com\/blogs\/daniel\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9120"}],"version-history":[{"count":0,"href":"https:\/\/www.oeconomist.com\/blogs\/daniel\/index.php?rest_route=\/wp\/v2\/posts\/9120\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.oeconomist.com\/blogs\/daniel\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9120"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.oeconomist.com\/blogs\/daniel\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9120"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.oeconomist.com\/blogs\/daniel\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}