Currently, comments use the Windows account name as the comment ID name. This is a security issue, as it reveals the login name to a computer handling sensitive information. Instead, the comment ID should be set manually, with the username as the default. This would improve workflows with many ISO-certified companies as well, where it is important for the comment ID to show at what stage of editing or review the comment was made (e.g., V1, V2, PM, Copyedit, Proofread, etc.) rather than the name of the person. In many case, the name of the person is supposed to be kept confidential. But using the Windows login name is an inappropriate use of the Windows login and not a best practice security-wise.