Thursday, January 8, 2009

Twitter password

Pretty much everyone is talking about the Twitter breach that happened this week and how Twitter could've prevented it. One thing that I noticed about the whole ordeal was how usernames weren't secret (in fact, they can even be harvested with a bot).

It's a well-known fact that hackers use dictionary attacks to find passwords, so shouldn't we be making usernames secret too? I mean, a hacker doesn't necessarily care who they hacked; if it was a celebrity, that's just brownie points.

I don't see what the big deal is with having an extra column in the db (one for the username and one for the display name), since keeping the two separate also gives us the benefit of being able to use our favorite display name, even if someone we'll never talk to has the same display name.
