What’s in a [user]name?

Sifting through various educational forum posts and blogs recently I came across an entry that discussed the conventions by which pupil usernames are created on a network – and what information they contain.

When I joined my comprehensive school in 1998 I was given the username 98MARSHALLJ. The school had always used the [year of entry]+[surname]+[first initial] convention; indeed I continued the practise when I took responsibility for creating new intake users in the schools I have worked in. Unfortunately in recent years the dangers of sharing aspects of your digital identity with strangers have become all too prevalent and IT managers and policy makers in schools are beginning to look at just how revealing something as innocuous as a username can be.

Take, for example, a simple email:


To: jbloggs@emailprovider.com<img style="background-image: none; border-bottom: 0px; border-left: 0px; padding-left: 0px; padding-right: 0px; display: inline; float: right; border-top: 0px; border-right: 0px; padding-top: 0px" class="alignright size-medium wp-image-758" title="E
From: 98marshallj@stdingleberryschool.ac.uk

Hello Joe,

I really like under water basket weaving too!

James


From this perfectly innocent email we can determine:

  • Roughly how old I am from the first the digits – typically denoting year of entry.
  • My full name.
  • The school I’m attending.

For the ‘Facebook Generation’ this is more than enough information to begin searching the Internet with. Anyone could do a simple search of a social network such as Facebook or MySpace with the few details above and narrow the choice down to a few people in a couple of minutes.

From here people with malicious intent could begin making moves on a pupil.

There is a strong case to be made, if only for this reason, that user names on an school network should be obfuscated to reduce the amount of information volunteered unintentionally. Instead of the ‘traditional’ nomenclature for creating users, IT managers could opt to use a pupil’s UPN number, or any other unique but not identifiable string.

"Sir, I’ve forgotten my username!"

Naturally, one of the more obvious reasons for adopting an easy-to-remember naming system is that pupils can be like goldfish and often have trouble remembering their own password from week to week, let alone a complicated user name. Ben Nunney, @bennuk on Twitter, from Microsoft’s Live@Edu team talked about what makes an e-mail address, and some of the considerations there are (simplicity, single sign-on, etc), over on the Live@Edu blog.

Personally I feel that it should be an enforced learning curve for the pupils – there are many things you have to learn to remember in life from your National Insurance number through to your car registration number and more, so the practise of learning something like this should not be avoided but encouraged. Not only that, but the reasons behind having an obfuscated user name could be taught to pupils as part of any lessons on digital identity.

Times are changing…

Over the last few years the link between pupils experiences of computers in schools, and their development of a digital identity on-line has become much tighter. Pupils freely communicate with others using the various resources available to them – some pupils first email account may be the one provided to them by their school.

At this early stage in their on-line life they may already have the choice over how much they share about themselves made for them by ‘the system’ over something as simple as a user name.

Some could call this scare-mongering or cynicism – others, a precautionary step in protecting pupils.

So then…. What’s in a [user]name?

If you’re interested in finding out more about digital identity the University of Reading is behind the This Is Me project aimed at helping people learn about their digital identities by producing and testing learning materials for use by individuals and groups.

2 thoughts on “What’s in a [user]name?

  1. Very thought provoking!

    In my work as a sourcer, I see company email format conventions as something that can be exploited to help me both get contact details and find names of people that work in specific organisations.

    I had never considered the email formatting conventions of schools and just how much they give away.

    No matter how well disguised, if a child has used their school email address to create their Facebook profile, a person with that email address can send them a friend request, regardless of that child’s privacy settings. For this reason I would be more concerned about a person deducing a child’s email address from the standard school convention.

    Katharine

    Like

  2. Carnegie Mellon University used to assign usernames that were four characters long: first initial, last initial, a number, and a letter. Creative, easy to remember, but reveals very little (except that, if you run across someone whose username is bk2w or gf2e you can probably assume they went to CMU). If that’s too small a pool of usernames, you can easily add another alphanumeric character.

    It’s one of the better naming conventions I’ve seen.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s