Restricted user names #26

Open
sbddesign opened this issue Jul 16, 2024 · 3 comments
Comments

@sbddesign
Contributor

sbddesign commented Jul 16, 2024

For security. Stuff that could be room for social engineering abuse, collision, or confusion. E.g., prohibit stuff like:

  • admin
  • administrator
  • info
  • information
  • twelvecash
  • account
  • etc.
@paulosacramento
Contributor

Here is a first list of possible usernames that are not allowed:

Administrative/User Roles:

  • admin
  • administrator
  • root
  • sysadmin
  • superuser
  • operator
  • support
  • helpdesk
  • webmaster
  • mod
  • moderator
  • manager
  • boss
  • owner

Company/Service Names:

  • twelve
  • twelvecash
  • twelvecashsupport
  • twelvecashhelp
  • twelvecashadmin
  • company
  • service
  • official
  • supporttwelve
  • twelvecustomer
  • twelvestaff

Contact Information:

  • info
  • information
  • contact
  • support
  • help
  • billing
  • sales
  • inquiries
  • no-reply
  • noreply

Security/Authority:

  • adminuser
  • master
  • security
  • secure
  • policy
  • terms
  • privacy
  • compliance
  • legal
  • law
  • police
  • officer

System/Default Names:

  • system
  • guest
  • anonymous
  • unknown
  • default
  • test
  • user
  • public
  • undefined
  • rootuser
  • testuser

Phishing-Related Names:

  • login
  • signin
  • signup
  • forgotpassword
  • resetpassword
  • recover
  • verification
  • confirm
  • authenticate

Social Media Handles:

  • facebook
  • twitter
  • instagram
  • linkedin
  • snapchat
  • youtube
  • tiktok
  • social
  • media

@sbddesign
Contributor Author

@paulosacramento I agree this seems like a pretty comprehensive list. This seems like a good place to start, then we can add more names in the future if needed.

@sbddesign
Contributor Author

For @chdwlch, myself, or any other coder who wants to take this issue, here is a sketch of how I see this working:

  • Create and export a const prohibitedNames:string[] = ["admin", "administrator", etc...] containing Paulo's list of names.
  • In any API endpoint that handles name creation or checking if a name is available to claim/buy, import prohibitedNames
  • Validate that the user's desired string is not contained inside of prohibitedNames
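One way the sketch above could be implemented, as an added example in TypeScript that is not the project's own code. prohibitedNames here is only an excerpt of Paulo's list; normalizeName, protectedSubstrings, checkName and isAvailable are assumed names, and the normalization (NFKC, lower case, separators stripped) plus the substring check on the brand term go beyond the exact-match check the sketch describes, so that "Ad-min" or a fullwidth "ａｄｍｉｎ" cannot slip past the list.

```typescript
// Added example, not the twelvecash project's code. The array is an excerpt
// of Paulo's list; the real module would export the complete list.
export const prohibitedNames: string[] = [
  "admin", "administrator", "root", "support", "info", "no-reply", "noreply",
  "twelve", "twelvecash", "twelvecashsupport", "login", "resetpassword",
];

// Brand terms rejected anywhere inside a name (assumption: the twelvecash*
// entries in the list suggest variants should be caught, not only exact hits).
export const protectedSubstrings: string[] = ["twelvecash"];

// Canonical form used for every comparison: Unicode NFKC folds fullwidth and
// other compatibility forms to ASCII, then lower case, trim, and the
// separators "-", "_", "." are removed so "Ad-min" compares equal to "admin".
export function normalizeName(name: string): string {
  return name.normalize("NFKC").toLowerCase().trim().replace(/[-_.]/g, "");
}

// Built once at module load; the Set lookup is O(1) per request.
const prohibitedSet = new Set(prohibitedNames.map(normalizeName));

// Returns a rejection reason, or null when the name may be claimed.
export function checkName(name: string): string | null {
  const n = normalizeName(name);
  if (n.length === 0) return "empty";
  if (prohibitedSet.has(n)) return "prohibited";
  for (const term of protectedSubstrings) {
    if (n.includes(normalizeName(term))) return "contains-protected-term";
  }
  return null;
}

// Endpoint-style helper: the availability check and the claim path both go
// through checkName, so the two can never disagree. `taken` is assumed to
// hold already-claimed names in normalized form.
export function isAvailable(name: string, taken: Set<string>): boolean {
  if (checkName(name) !== null) return false;
  return !taken.has(normalizeName(name));
}
```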
