Prevent user name/email leakage via the sign in form #5
The signup process is just very flawed on both the security and UX fronts.
From the UX POV, it is just ridiculous to expect a user to select a unique user name without giving him any indication of what might be available. Knowing that "admin" is taken does not help much.
The correct flow should be to let the user register with his email only, then after the email is confirmed, generate an automatic one for him and suggest to him to change it.
It is still possible to enumerate user names in that kind of flow, but it is much easier to limit the number of such attempts, and it makes the process somewhat harder to automate.
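
A minimal sketch of the flow proposed above, added here as an illustration and not code from this project: email-only registration with one uniform reply, a generated user name on confirmation, and a per-account limit on rename attempts. The class and method names, the in-memory stores and the limit values are all assumptions.

```python
import secrets
import time

GENERIC_REPLY = "If the address is valid, a confirmation link has been sent."
MAX_RENAME_ATTEMPTS = 5   # assumed limit per account per window
WINDOW_SECONDS = 3600     # assumed window length


class SignupService:  # hypothetical name; in-memory stand-in for a real backend
    def __init__(self):
        self.pending = {}    # confirmation token -> email
        self.names = {}      # confirmed email -> user name
        self.attempts = {}   # email -> timestamps of rename attempts
        self.outbox = []     # (email, token) pairs standing in for sent mail

    def register(self, email):
        # Same reply whether or not the address already has an account.
        email = email.strip().lower()
        if email not in self.names:
            token = secrets.token_urlsafe(32)
            self.pending[token] = email
            self.outbox.append((email, token))
        return GENERIC_REPLY

    def confirm(self, token):
        # Tokens are single use; the user never picks a name at this stage.
        email = self.pending.pop(token, None)
        if email is None:
            return None
        if email not in self.names:
            name = "user-" + secrets.token_hex(4)
            while name in self.names.values():
                name = "user-" + secrets.token_hex(4)
            self.names[email] = name
        return self.names[email]

    def rename(self, email, wanted, now=None):
        # `email` stands for the authenticated session's account. "taken" is
        # only ever shown to a confirmed account, and every attempt is counted.
        now = time.time() if now is None else now
        if email not in self.names:
            return "unknown_account"
        recent = [t for t in self.attempts.get(email, []) if now - t < WINDOW_SECONDS]
        if len(recent) >= MAX_RENAME_ATTEMPTS:
            return "rate_limited"
        self.attempts[email] = recent + [now]
        if wanted in self.names.values():
            return "taken"
        self.names[email] = wanted
        return "ok"
```

The only place a "taken" answer can be observed is `rename`, which requires a confirmed address and stops answering after the configured number of attempts per window.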