@Gimli87: Account secret generates the id of the account. This id is the key to retrieve your account packet in the network. This packet can then be decrypted with your account password + your account secret.
Both need to be strong:
- account secret: to avoid collision with other users
- account password: to prevent hackers from decrypting your account packet
@maidsafe: I already said several times in the past that a username (weak) + a password (strong) would be better:
- Firstly, this is standard usage
- Secondly, it would allow several users with the same username (with common names like David, Games, Family, Finance, …).
To avoid collisions between users, the account id would be derived from both username and password. Credentials were implemented like this for a few days 2 years ago (exactly: between 19 July and 26 July 2016).
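
The two derivation schemes compared in this post, as an added example that is not part of the original post and not the network's actual code. It assumes PBKDF2-HMAC-SHA256 as a stand-in KDF; the function names, purpose labels, iteration count, the key derivation in the proposed scheme and the sample credentials are all hypothetical.

```python
import hashlib

ITERATIONS = 100_000  # illustrative work factor (assumption)

def kdf(purpose: bytes, *parts: str) -> bytes:
    """PBKDF2-HMAC-SHA256 over length-prefixed parts; `purpose` is the salt.

    No server stores a per-user salt, so the salt is a public constant that
    only separates the "locate" use from the "decrypt" use.
    """
    material = b"".join(
        len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts
    )
    return hashlib.pbkdf2_hmac("sha256", material, purpose, ITERATIONS)

def current_scheme(secret: str, password: str):
    """Id from the account secret alone; key from password + secret."""
    account_id = kdf(b"account-id", secret)
    packet_key = kdf(b"packet-key", password, secret)
    return account_id, packet_key

def proposed_scheme(username: str, password: str):
    """Id and key both from username + password (key derivation assumed)."""
    account_id = kdf(b"account-id", username, password)
    packet_key = kdf(b"packet-key", username, password)
    return account_id, packet_key

def demo():
    # Constructed credentials for two users who pick the same common name.
    a_pw, b_pw = "correct horse battery staple", "violet-anchor-93-meadow"
    cur_a, cur_b = current_scheme("David", a_pw), current_scheme("David", b_pw)
    new_a, new_b = proposed_scheme("David", a_pw), proposed_scheme("David", b_pw)
    return {
        "current_ids_collide": cur_a[0] == cur_b[0],
        "current_keys_differ": cur_a[1] != cur_b[1],
        "proposed_ids_collide": new_a[0] == new_b[0],
        "id_equals_key": new_a[0] == new_a[1],
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With a weak, shared secret the current scheme maps both users to the same account id, while the proposed scheme keeps the ids apart as long as the passwords differ.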