Comments on: Minimum lengths for usernames. Wtf?!

By: Yeyui

Yeyui — Tue, 12 Jan 2010 18:17:35 +0000

Glad to read your rant. Now I don’t have to repeat it. I have used the same username since my first days on the internet 14 or so years ago. Until the last couple years, Yeyui consistently and uniquely pointed to me. (There are now up to two people in Asia using the same handle) It always irks me when some site or service (today it is Skype) tells me my name isn’t good (meaning long) enough for them.

By: Roy Leban

Roy Leban — Fri, 21 Nov 2008 20:06:46 +0000

Let’s assume the spam issue is a valid point. Given that, I think it’s better to warn users than to block them.

The general result of policies like this is to hurt users, not to help them. Scott’s read my post on password policies already, but here’s a link for the rest of you:

http://www.thisuser.com/2008/07/stupid-password-policies.html

By: Scott Blomquist

Scott Blomquist — Fri, 21 Nov 2008 06:53:16 +0000

Sure–but the cost of having my banking password guessed is much higher than the cost of getting a few more spams because someone guessed my username.

I guess I’m saying even now that I understand the downside here, it seems better to me to get more spam than to have to choose a less desirable username that I’m likely to forget all the time. Especially when you consider that I don’t care at all about my Zoho inbox. (I didn’t even realize I had one.)

By: Aravind

Aravind — Fri, 21 Nov 2008 06:27:05 +0000

Hmm, it’s a compromise. I can equate this with password security rules. For example, my office and my bank both have this rule – that you have to choose a password with capital letters and numbers in them and should be of minimum 8 characters. And the password has to be changed every 14 days. To top this, the system won’t allow you to choose from the past 3 passwords you’ve used.

Google’s take on this :
http://mail.google.com/support/bin/answer.py?answer=7993&topic=12777

By: Scott Blomquist

Scott Blomquist — Fri, 21 Nov 2008 06:12:30 +0000

Aravind, I totally buy your spam claim, but is forcing me to create a username that I won’t remember the best way to defend me from spam?

By: Aravind

Aravind — Fri, 21 Nov 2008 06:00:06 +0000

Scott : It’s been found that short user names receive significantly more spam since they’re easy to automatically generate. So, the longer your user name & more uncommon it is, the better your chances against getting hit by spam.

And yeah, at Zoho, we try our best to listen and respond to our users

By: R.Rajkumar

R.Rajkumar — Fri, 21 Nov 2008 05:02:17 +0000

*I want to believe that when Zoho tells me that I need to use 6 characters, it’s for some reason other than “the developer who wrote that validation code picked 6 arbitrarily”. But I can’t for the life of me imagine what the other, better reason might be.*

I do have a 4 letter login name at Zoho; but I had signed up a long time ago – not sure when this came into effect.

*I know that neither the Zoho developers nor the Picasa eveloeprs are likely to read my meager blog rant.*

Zoho developers do read blogs about Zoho and I am sure they will find you soon. But, I am not sure if they would come up with convincing reason, for the “6 to 30″ limit.