Secure USERNAME length

deep-web · October 15, 2019, 7:54pm

Hi everyone

I have a question related with the creation of a “Secure username/password” combination.
According to OWASP https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html A secure password should have at least 8 characters in length using Alpha numeric characters with at least one Special character.

in relation with the USERNAME it does not recommend anything.
Should we consider “Secure” a one character name USERNAME with a “secure password”?

Example:
Username : a
Password: pX8*TKrmK`7’!j>
( it the previous example secure)?

Ideas and comments are welcome

sorcerer-king · October 15, 2019, 8:29pm

Consider user/password combination as a unique credential field. Like adminThePassword, is this combination secure? Yes, if password is strong enough. Probably OWASP do not consider username secure standards because password specifications overcome the weakness of simple usernames.

blue-snot · October 16, 2019, 11:46am

We should follow this criteria:

https://fluidattacks.com/web/rules/#credentials