Security risk - FundingSecure posting full Usernames

Exactly and it’s down to individual preference but I’m personally not keen on letting the world and his dog know how much I’m lending.

Now if you like being flash and showing how much brass you have to throw about.....

For security reasons we do not allow users to change their own usernames.

You are misunderstanding how this technology works.

The method you describe is called 'brute force'.

Yes, there are programs that can "go through" millions of password combinations in seconds, often using rainbow tables or random keyspace attacks... However, they tend to work against a local file, such as a hashed and encrypted password file that may have been stolen. And if that file is stolen, your username is already exposed and there is nothing you can do about it.

The biggest problem here for a potential attacker is the network. You cannot submit millions of passwords in seconds to the funding secure website. I am assuming (but I do not know) that Funding Secure's website has been designed in a sane way, where X amount of failed login attempts in Y amount of time ends up in a locked account, or at least flags and alerts someone. It's usually something like 3 attempts in 120 seconds or something. This action alone would stop the vast majority of attackers in such a method. Others may attempt it, if they maybe have a few passwords that they know a specific user likes to use, but most won't, and probably won't use a automated program to do it either.

The bigger concern should be for people being "doxxed", where the user is stupid/naive/unfortunate enough to go and get their information leaked online and tied to their public online alias. Even then, I don't see Funding Secure being a particularly lucrative target. Depending on the attackers intent, a Facebook account can be much more valuable. How do you find your friends on Facebook? their email is the most accurate way, how do you login to Facebook again? oh yeah, email address and password. For all it's faults, Facebook actually does security fairly well from a technical standpoint.

Whilst I understand your intentions are entirely pure, I'm sorry to say you're simply wrong here, exposing the username isn't really a security risk, and if it is, it's a tiny one. In future, just use random usernames for each site you use if it concerns you that much (this will help against being doxxed), and, for the love of all that is good and pure in the world, use different passwords for every site you visit, including this one. Can't remember all those passwords? No, neither can I, hence I use LastPass. I literally have no idea what my password is to most things, but LastPass has done and excellent job of making new passwords and remembering them for me. And yes, LastPass is about as secure as it gets right now, just pick a strong and memorable master password as your master password is what encrypts all the other data (if you forget it, you're stuffed, essentially). LastPass can generate some pretty bad-ass passwords: X8gCeaWeo6BW8mD9Kej3WpMGRrjbV0KopRUd6SIQ, I just asked it to make, for example.

Good luck, stay safe, and don't be afraid of your username.