Restricted user names
For security. Stuff that could leave room for social engineering abuse, collision, or confusion. E.g., prohibit stuff like:
- admin
- administrator
- info
- information
- twelvecash
- account
- etc.
Here is a first list of possible usernames that are not allowed:
Administrative/User Roles:
- admin
- administrator
- root
- sysadmin
- superuser
- operator
- support
- helpdesk
- webmaster
- mod
- moderator
- manager
- boss
- owner
Company/Service Names:
- twelve
- twelvecash
- twelvecashsupport
- twelvecashhelp
- twelvecashadmin
- company
- service
- official
- supporttwelve
- twelvecustomer
- twelvestaff
Contact Information:
- info
- information
- contact
- support
- help
- billing
- sales
- inquiries
- no-reply
- noreply
Security/Authority:
- adminuser
- master
- security
- secure
- policy
- terms
- privacy
- compliance
- legal
- law
- police
- officer
System/Default Names:
- system
- guest
- anonymous
- unknown
- default
- test
- user
- public
- undefined
- rootuser
- testuser
Phishing-Related Names:
- login
- signin
- signup
- forgotpassword
- resetpassword
- recover
- verification
- confirm
- authenticate
Social Media Handles:
- snapchat
- youtube
- tiktok
- social
- media
@paulosacramento I agree this seems like a pretty comprehensive list. This seem like a good place to start, then we can add more names in the future if needed.
For @chdwlch, myself, or any other coder who wants to take this issue, here is a sketch of how I see this working:
- Create and export a `const prohibitedNames: string[] = ["admin", "administrator", etc...]` containing Paulo's list of names.
- In any API endpoint that handles name creation or checking if a name is available to claim/buy, import `prohibitedNames`.
- Validate that the user's desired string is not contained inside of `prohibitedNames`.