Server admins, need your opinion...
So I'm having an argument with a friend of mine and I would like to know your thoughts on the subject. When creating usernames and passwords for a server, I think it's better to use strong usernames with strong passwords. It seems that a bunch of random characters for the username (and obviously the password) would make it harder for a hacker to guess/brute force attack. My friend seems to disagree because he says usernames are stored unencrypted in various locations on a server and are easily discoverable anyway...so there really is no added level of security by using a strong username. What are your thoughts...do you guys use simple or strong usernames and why?
Your friend is right.
Using strong usernames is security by obscurity and it doesn't work. Let me ask you something, do you change your "root" user to something else?
Darksoul does have a great point, if you are using strong usernames then you should include the 'root' user as well, or disable direct root login.
Regardless, I would actually agree with Phillip - strong usernames are another layer of security, and although it might not increase it by much as users are available plaintext in say /etc/passwd - it is still better because by default there is no way for a remote user to view these files. They would have to compromise the server to begin with in order to see these plaintext files. So from a complete remote break-in point, strong usernames are a plus.
Thanks for your thoughts. You're right, if your server was compromised, it really doesn't matter what you choose for a username. So you have to make it harder to bust in to the server. I mean we still see some brute force attempts from time to time and thus my inclination is to make it twice as hard to guess the user/pass. Or is that not a correct way of thinking?
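One way to put numbers on the brute-force attempts discussed above, as an added example that is not part of any post in this thread: it separates failed logins aimed at accounts that exist from guesses at names that do not. It assumes the attempts arrive over OpenSSH and that sshd logs in its usual format; the log lines are constructed, and the function names and the random-looking username `k7q2xw9d` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH sshd's auth-log format (assumed service;
# the thread does not say which login service is being attacked).
SAMPLE_LOG = """\
Mar  3 07:31:02 host sshd[1201]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar  3 07:31:05 host sshd[1201]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar  3 07:31:09 host sshd[1207]: Failed password for invalid user admin from 203.0.113.7 port 40031 ssh2
Mar  3 07:31:12 host sshd[1209]: Failed password for invalid user test from 203.0.113.7 port 40040 ssh2
Mar  3 07:32:40 host sshd[1215]: Failed password for invalid user oracle from 198.51.100.9 port 51810 ssh2
Mar  3 07:33:01 host sshd[1220]: Accepted password for k7q2xw9d from 192.0.2.15 port 60211 ssh2
Mar  3 07:35:44 host sshd[1231]: Failed password for k7q2xw9d from 192.0.2.15 port 60302 ssh2
"""

# sshd writes "invalid user " before the name when the account does not exist.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize_failures(log_text):
    """Split failed logins into guesses at real accounts vs nonexistent ones."""
    existing, nonexistent, sources = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        bucket = nonexistent if m.group("invalid") else existing
        bucket[m.group("user")] += 1
        sources[m.group("ip")] += 1
    return existing, nonexistent, sources

def exposed_accounts(log_text, threshold=2):
    """Real account names that drew at least `threshold` failed attempts."""
    existing, _, _ = summarize_failures(log_text)
    return sorted(u for u, n in existing.items() if n >= threshold)

if __name__ == "__main__":
    existing, nonexistent, sources = summarize_failures(SAMPLE_LOG)
    print("guesses at existing accounts:", dict(existing))
    print("guesses at nonexistent names:", dict(nonexistent))
    print("attempts per source:", dict(sources))
    print("accounts under repeated guessing:", exposed_accounts(SAMPLE_LOG))
```

Names in the first bucket exist on the server, so only the password protects them; names in the second bucket do not exist, so no password guess against them can succeed.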