Username Selection Influential on Online Security

The National Institute for Research in Computer Science and Control, INRIA in France cautions that it's important for a user to make an appropriate selection of username since Internet marketers can utilize the detail for tracking his activity and cyber-crooks for carrying out phishing against him.

Actually, investigators at INRIA examined around 10m usernames gathered from eBay accounts, Google profiles as well as other sources. Consequently, it was discovered that some 50% of the user-IDs utilized in connection with one website had an association with one other Internet profile that could let scammers and marketers develop a more complicated impression about the users.

State the security investigators that it can be so that a scammer utilizes such a poorly-selected username for creating the user's profile and subsequently present persuasive phishing messages before that user, possibly through references of particular purchases he made on another site.

For instance, if a scammer could map a person's Google profile with that person's eBay account then there may be chances for dispatching spam mails, which talk about a new sale. Such personalized spoofed e-mails, according to the investigators, could dupe many people into following malevolent web-links with which criminals could compromise PCs.

Says INRIA, people with usernames that are more unique can easily get targeted with cross-site profiling, while those setting ordinary usernames can be harder vis-à-vis tracking them down.

Stated doctoral candidate Daniele Perito at INRIA, who was one of the investigators, the remaining 50% of user-IDs, which had low entropy, caused it harder for linking the users. Indeed, those user-IDs could be associated with several users, he explained. Technology Review published this on February 14, 2011.

Moreover, according to Professor of Computer Science Avi Rubin at Johns Hopkins University (USA), it isn't astonishing that people set common usernames for multiple sites, but that because the passwords selected are separate, an individual's password for any 1 website hardly gives a valuable clue towards determining his password for another website. Technology Review published this.

Meanwhile, the investigators advise those operating websites to use CAPTCHA on non-search engines, which try for tracking usernames by creeping into their websites.

Related article: Ukrainian Web Host of Malicious Programs Shutdown

» SPAMfighter News - 2/22/2011