Posted by NewSecTech on October 24, 2006, 1:31 pm
I'd like to know the cons of hiding last user name in the logon dialog. The
pros are obvious...why give away half the key to the castle? I'll be darned
if I can think of one GOOD reason to leave it displayed. My company has rec'd
a policy change recommendation, to blank it out, and they want the P's and
C's of it. Hit me with both arguments if you wish...
Thanks much.
Posted by Alun Jones [MS-MVP - Windows Security] on October 24, 2006, 4:35 pm
> I'd like to know the cons of hiding last user name in the logon dialog. The
> pros are obvious...why give away half the key to the castle? I'll be darned
> if I can think of one GOOD reason to leave it displayed. My company has rec'd
> a policy change recommendation, to blank it out, and they want the P's and
> C's of it. Hit me with both arguments if you wish...
The cons of this are more intellectual than technical - and you are
exhibiting the cons already.
You have a tendency to think of the username as "half the key". It is not.
It is a claim of identity. The password is a proof of that claim. The
username is a label on the key, to identify who it belongs to, if you must
use that analogy.
The operating system is designed with the requirement that the password is
secret, and with the assumption that the username is public.
Do not make any changes that make the assumption that your username is
secret, because you will give the impression that usernames are sufficient
as claim _and_ proof of identity - not for the Windows logon, obviously,
because that will require the password - but what about a user-designed
application or web service? Someone educated in a culture that assumes the
username to be secret may be tempted to act as if the username is secret,
and is therefore sufficient as an identifier and an authenticator.
Don't pretend that usernames are secret. They are public. Display them
every so often to remind people of this fact.
Alun.
~~~~
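The claim-versus-proof distinction Alun draws, as an added example that is not part of the original thread: a toy login service written two ways in PowerShell, one that accepts the username alone and one that demands the password. The user table, the names alice, bob and mallory, the passwords and every function name below are constructed for illustration; the password hashing uses the .NET Rfc2898DeriveBytes (PBKDF2) class.

```powershell
# Added example, not code from the thread or from Microsoft. Two versions of a
# login check: one that mistakes the username (a claim of identity) for proof,
# and one that only accepts the password (the proof). The user table and all
# names/passwords are constructed for illustration.

function New-PasswordRecord {
    param([string]$Password)
    $salt = New-Object byte[] 16
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($salt)
    $kdf = New-Object System.Security.Cryptography.Rfc2898DeriveBytes($Password, $salt, 100000)
    try { $hash = $kdf.GetBytes(32) } finally { $kdf.Dispose() }
    [pscustomobject]@{ Salt = $salt; Hash = $hash }
}

function Test-Password {
    param([string]$Password, $Record)
    $kdf = New-Object System.Security.Cryptography.Rfc2898DeriveBytes($Password, $Record.Salt, 100000)
    try { $candidate = $kdf.GetBytes(32) } finally { $kdf.Dispose() }
    # Fixed-time comparison: OR together every byte difference instead of
    # returning at the first mismatch.
    $diff = 0
    for ($i = 0; $i -lt $Record.Hash.Length; $i++) {
        $diff = $diff -bor ($candidate[$i] -bxor $Record.Hash[$i])
    }
    return ($diff -eq 0)
}

# Constructed user table; in a real service this is the directory or database.
$Users = @{
    'alice' = New-PasswordRecord -Password 'correct horse battery staple'
    'bob'   = New-PasswordRecord -Password 'Tr0ub4dor&3'
}
# Dummy record so "unknown user" and "wrong password" take the same time.
$DummyRecord = New-PasswordRecord -Password ([guid]::NewGuid().ToString())

# BROKEN: the username is treated as both claim and proof. Anyone who has seen
# an e-mail address, a badge, or yesterday's logon dialog "authenticates".
function Invoke-LoginByNameOnly {
    param([string]$Username)
    return $Users.ContainsKey($Username)
}

# CORRECT: the username only selects which record to check; the password is
# the proof, and the caller learns nothing beyond accept/reject.
function Invoke-Login {
    param([string]$Username, [string]$Password)
    if (-not $Users.ContainsKey($Username)) {
        $null = Test-Password -Password $Password -Record $DummyRecord
        return $false
    }
    return Test-Password -Password $Password -Record $Users[$Username]
}

# The attacker's only knowledge is the public name 'alice'.
"Name-only service, username 'alice':         $(Invoke-LoginByNameOnly -Username 'alice')"
"Proof-based service, 'alice' + wrong pw:     $(Invoke-Login -Username 'alice' -Password 'password1')"
"Proof-based service, 'alice' + right pw:     $(Invoke-Login -Username 'alice' -Password 'correct horse battery staple')"
"Proof-based service, unknown user 'mallory': $(Invoke-Login -Username 'mallory' -Password 'anything')"
```

The Windows logon already works like Invoke-Login: the username field is a lookup key and the password is the only thing checked, so hiding the name changes nothing about that check. What the hidden name can change, which is Alun's con, is the model the next in-house web form is built on.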
Posted by NewSecTech on October 26, 2006, 2:05 pm
Thanks Alun,
I should apologize for playing the fool, as I'm a former consultant and
have held an MCSE cert for over 10 years, and work for a State IT division in
security.
Among the 3 replies, I have gotten the 3 acceptable answers, from 3
perspectives, but I needed other credentialed and similar opinions to pass on
to higher ups.
Much appreciated!!
Posted by Steve Riley [MSFT] on November 4, 2006, 4:24 pm
As Alun mentions, identity is public. This is a fundamental concept of
computer science. To attempt to treat it as private will create problems
for you.
My article "It's me, and here's my proof: Why identity and authentication
must remain distinct" covers this concept in some detail. There's also a
bit of discussion on my blog.
Article: http://www.microsoft.com/technet/community/columns/secmgmt/sm0206.mspx
Blog post: http://blogs.technet.com/steriley/archive/2006/02/16/It_2700_s-me_2C00_-and-here_2700_s-my-proof_3A00_-why-identity-and-authentication-must-remain-distinct.aspx
______________________________________________________
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com
Posted by Roger Abell [MVP] on October 25, 2006, 12:57 am
The largest con I have previously come up with is user
inconvenience and the time needed to reenter the username, often
at a workstation to which no one else, save rarely, would
log in.
Alun has clarified that the often-used analogy of keys to
the kingdom is in ways incorrect. If your machines are
exposed in ways such that those without accounts in the
forest (or its trusted realms) can reach them, then exposing
user names would provide them with information that they would
otherwise not obtain, at least not without significant
hurdles (social engineering, etc.). However, if they do
have an account, then they can already list out all of the
usernames in the forest, including whether those are
members of sensitive groups.
So, if exposing the usernames does provide information
otherwise unobtainable (as Alun correctly terms it, the
claim of identity), then you would have a real "pro" rather
than just an inconvenience for the sake of a perceived "pro".
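Roger's two points, the setting itself and what any account holder can already read from the directory, as an added PowerShell example that is not from the thread. It assumes a domain-joined machine and a session running as an ordinary domain user with no RSAT module installed. The registry value is the one the "Interactive logon: Do not display last user name" security option writes; the group list is the built-in privileged groups and is an assumption about which groups you care about.

```powershell
# Added example, not code from the thread or from Microsoft. Compares what the
# "Do not display last user name" setting conceals (one name, on one console)
# with what any authenticated domain account can enumerate. Assumes a
# domain-joined machine and an ordinary domain user session.

# 1. The setting under discussion. The security option "Interactive logon:
#    Do not display last user name" is stored as DWORD DontDisplayLastUserName
#    (1 = hide, 0 or absent = show the last name in the logon dialog).
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$value = (Get-ItemProperty -Path $policyKey -Name DontDisplayLastUserName -ErrorAction SilentlyContinue).DontDisplayLastUserName
if ($value -eq 1) { 'Last user name is hidden on this console' }
else              { 'Last user name is displayed on this console' }

# 2. What Roger describes: every user account in the domain, readable with no
#    privilege beyond "authenticated user". [adsisearcher] wraps
#    System.DirectoryServices.DirectorySearcher and needs no extra module.
$searcher = [adsisearcher]'(&(objectCategory=person)(objectClass=user))'
$searcher.PageSize = 1000
$searcher.PropertiesToLoad.AddRange([string[]]('sAMAccountName', 'memberOf', 'adminCount'))
$accounts = foreach ($r in $searcher.FindAll()) {
    [pscustomobject]@{
        SamAccountName = [string]$r.Properties['samaccountname'][0]
        AdminCount     = if ($r.Properties.Contains('admincount')) { [int]$r.Properties['admincount'][0] } else { 0 }
        MemberOf       = if ($r.Properties.Contains('memberof')) { @($r.Properties['memberof'] | ForEach-Object { [string]$_ }) } else { @() }
    }
}
"Accounts readable by this ordinary user: $($accounts.Count)"

# 3. Which of them sit in sensitive groups. adminCount=1 marks accounts that
#    AdminSDHolder has protected (current or former privileged members); the
#    memberOf check catches direct membership in the listed built-in groups.
$sensitive = 'Domain Admins', 'Enterprise Admins', 'Schema Admins',
             'Administrators', 'Account Operators', 'Backup Operators'

function Test-SensitiveMember {
    param([string[]]$MemberOf)
    foreach ($dn in $MemberOf) {
        foreach ($g in $sensitive) {
            if ($dn -like "CN=$g,*") { return $true }
        }
    }
    return $false
}

$privileged = $accounts | Where-Object {
    $_.AdminCount -eq 1 -or (Test-SensitiveMember -MemberOf $_.MemberOf)
}
"Accounts in (or once in) sensitive groups: $(@($privileged).Count)"
$privileged | Select-Object SamAccountName, AdminCount | Format-Table -AutoSize
```

Step 2 is the part that settles the trade-off Roger lays out: if the people who can see the logon dialog already hold a domain account, the single name the dialog would show is a strict subset of what step 2 returns, and the setting buys only the inconvenience. The setting earns its keep where step 2 is not available to the viewer, such as kiosks or consoles reachable by outsiders.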