Why Usernames Are Just As Bad As Passwords - Identity and Access Management

I remember a comment I heard around Y2K, paraphrasing. "When you share your username, your halfway to being hacked."

You can tell it has been a long lockdown as Shannon’s hair has lost almost all its purple.

Thank you Shannon very interesting! :)

Shannon: " I am introducing a X part series.."
My face: 😍
*turning on all notifications*

My own personal recommendation I make whenever I can:
Do NOT tie internal facing usernames with external facing usernames. E.g. Do NOT tie your fancy Cisco remote access VPN to your company Active Directory/LDAP. Generally I am on the side of "It is the administrator's job to help make technology useful, available, and usable for their users." This is one of the very few cases where I make an exception. It absolutely kills me when I see a person's company email address have the same username as their desktop/laptop login which is the same as their VPN login. This setup means that usernames to connect to your network, and to move around within your network are knowable by the filthy, unwashed internet at large.
This is the lowest hanging fruit. I know this video is getting us started moving away from the whole username/password model. But separating your users' VPN credentials from their internal network credentials is a pretty easy change to enforce.

Very good video. Really enjoyed the style of your presentation. Security is such a hot topic. Thank you for making my working from home safer.

Before video...patting self on back for good password protocol.
After video...hunched over, back to the drawing board.

Nice one shannon 🙂🙂

I worked for a medical company that was governed by HIPAA so we already had a pretty strict VPN procedure back in 2012. The few of us that had decent PC's back then really enjoyed kicking in a few hours of OT. The security loophole was the documents we had in hand from the office.

Great information. For myself with a horrible memory, I would like to see a book or list of ways to protest my identity on the internet. Something like “IAM for Dummies” like me.

Very nice, thanks. I'm still crossing my fingers for SQRL, but anything to get rid of usernames and passwords will be great

I work in technology services and the number one problem that I see is users who forget or lose their passwords. There's no good answer here like you said folks want things to be easy. Personally I use a password manager and have a different password for every account and they're long and they're difficult. I've put my wife on the same password manager with the family plan so that she can gain access to our accounts if something were to happen to me. The problem is after months of trying she still is still having a hard time using the password manager.

Shannon, I've done with same password on every sites for years. Shame on me. Unfortunately, one of my account hacked but I've changed quickly til' my lesson learned. That suck. I'm thinking about getting the Yubi keys and how reliable are they now? I've seen for years but still on Amazon. I really needs to step up security in near future. Possible get worst later. Excellent content 👌🏼

Heyo! ❤️👋

Hey just curious if you have any recommendations for good file encryption software, and if you're planning on making a video about encryption?

What do you think about services like 33mail and anonaddy? I use them to obscure my true email for lots of services and they let you make an individual email for each site, all flowing back into your main email inbox. I just worry about using it for important, sensitive accounts. Let me know if you think that’s a good strategy for “junk” accounts. Maybe you could touch on that in a video and which services are most trustworthy. I think blur allows for some of the same type of thing. Anyway, looking forward to the series!

Wow, throwing some shade in the thumbnail. :(