> If a hacker knows your first and last name, a couple of quick guesses (say janedoe or jdoe) and they're halfway to accessing your account.
I disagree with this mostly. While finding out the username might lead to an issue where requesting a new password is possible if the hacker is able to access that mailbox, you are presumably already fucked at that point. Otherwise, they still need to hack you password, which should not be feasible if you generate those.
I just do really see what the benefit is, as opposed to the downside, which is that you have another field you can't reproduce in event of not being able to access bitwarden for some reason. At least knowing the username and being able to request a new password makes me less dependant on Bitwarden.
4 comments
[ 3.1 ms ] story [ 19.9 ms ] threadI disagree with this mostly. While finding out the username might lead to an issue where requesting a new password is possible if the hacker is able to access that mailbox, you are presumably already fucked at that point. Otherwise, they still need to hack you password, which should not be feasible if you generate those.
I just do really see what the benefit is, as opposed to the downside, which is that you have another field you can't reproduce in event of not being able to access bitwarden for some reason. At least knowing the username and being able to request a new password makes me less dependant on Bitwarden.
Ofc, this only holds where your username is not a public ID (say on a forum).
Which is why I like decoupling usernames (or rather "nicknames") from authentication. Email and password represent your actual identifiers.
So as others noted, why bother?