4 comments

[ 3.1 ms ] story [ 19.9 ms ] thread
Just fix the outstanding usability issues you've been ignoring for years and stop wasting time adding crap no-one needs.
> If a hacker knows your first and last name, a couple of quick guesses (say janedoe or jdoe) and they're halfway to accessing your account.

I disagree with this mostly. While finding out the username might lead to an issue where requesting a new password is possible if the hacker is able to access that mailbox, you are presumably already fucked at that point. Otherwise, they still need to hack you password, which should not be feasible if you generate those.

I just do really see what the benefit is, as opposed to the downside, which is that you have another field you can't reproduce in event of not being able to access bitwarden for some reason. At least knowing the username and being able to request a new password makes me less dependant on Bitwarden.

If you've got randomly generated username, it is, effectively a password, except that no tooling would ever treat it as such, which may be a problem.

Ofc, this only holds where your username is not a public ID (say on a forum).

Which is why I like decoupling usernames (or rather "nicknames") from authentication. Email and password represent your actual identifiers.

So as others noted, why bother?

Lots of sites require email as username anyway.