Username Protection? Yes, We Need It

There isn’t a week that goes by that I don’t see some sort of problems with online identities, mostly with Twitter and Instagram, two networks that rely on a unique handle. Facebook and LinkedIn have mostly avoided this by creating identities that are more than your name. As Mat Honan said: Facebook solves this quite well by not really requiring a handle as your identity there is more than your name, it’s your social connections.

But let’s look at Twitter and Instagram. Two recent examples are @n, where a hacker extorted the handle’s owner to give it up, and Mat Honan’s case, where he lost @mat to a hacker… but then got it back.

I myself have an admirer… of my Instagram handle, that is. Every two-three weeks I get a password reset request via email. I dutifully click the link where you tell Instagram that you didn’t request the reset, but I really have no idea what Instagram does with that as the requests keep coming.

I worry about Instagram specifically because all it asks for for a password reset is the username. This is ridiculous because that’s an item of information the thief already knows. Why not ask for email as well?

Before my handle is stolen and I desperately ask Instagram to get it back, here’s an idea: create a class of accounts called “watched” accounts. These accounts cannot get a password reset without an additional bit of information from their current owner and handles are automatically added to this list if more than, say, two password reset requests were not requested by the owner. Maybe also delay password reset requests by a week even if they are valid, so that the original owner has time to respond.

Perhaps all Instagram and Twitter need to implement is 2-step verification like Google and other web email services. A quick text message to a mobile phone can clear up most identity problems. But what is pretty certain is that with the value of handles increasing, users need a better way to hang on to them.

Note: it may be that Twitter already does this with its “Verified” program but there is a lack of transparency around that program and it doesn’t seem to work for non-celebrities. Correct me if I’m wrong.

Advertisements

2 thoughts on “Username Protection? Yes, We Need It

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s