This is an extremely silly observation for HN, given that the usernames are publ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		throwaway09223 on Nov 23, 2022 \| parent \| context \| favorite \| on: “Invalid Username or Password”: a useless security... This is an extremely silly observation for HN, given that the usernames are published openly with every comment. My username is quite obviously "throwaway09223." There's no need to enumerate anything. Avoiding username enumeration is a reasonable goal for some sites in terms of hiding PII, but it is very obviously not a necessary security measure.

crazygringo on Nov 23, 2022 [–]

The article is about usernames as email addresses.

Not about handles.

HN doesn't reveal people's e-mail addresses, unless they choose to put it in their bio.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact