Back in 2009, 18 January to be more exact, Argent Stonecutter filed issue SVC-6212 in Linden Lab’s JIRA for Second Life, proposing a change in the way SL’s user accounts are handled. Right now, account name and user name are effectively the same – even after the discontinuation of last names and the introduction of the kludgy “Resident” last name in their place. Argent suggested (rightly) that username and account name be separated:
SL security would be better, also, if you separated the account and avatar names… so for example instead of logging in as “Argent Stonecutter”, I’d log in as “Argent007” or something that isn’t actually published… and then picked my “Argent Stonecutter” alt from a pulldown.
- Something else for attackers to have to guess.
- Better account management.
- Fewer name-password combinations for users to remember.
Argent’s point was to make log-ins more secure and account management easier. The discussion in the comments is quite interesting, too. Before I came to sit down and blog about this proposal, Ciaran Laval and Inara Pey blogged about it. So, what is that makes this proposal so special that I’m bothering to revisit it and attempt to draw new attention to it?