User ID policies

From: Mark Landin (mark.landin@tdwilliamson.com)
Date: 07/15/02


From: mark.landin@tdwilliamson.com (Mark Landin)
Date: Mon, 15 Jul 2002 14:04:50 GMT


There are couple of different schemes a company can use to create user
ids for use in a network. Are there some generally accepted "best
practices" when it comes to defining a user id scheme as it relates to
security? (For instance, I suppose a totally randomized userid would
be most secure because it would remove the hacker's ability to
determine any kind of userid patten and thus make cracking attempts
more difficult ... but from the user and admin perspective it's not
very palatable...)