If you take your online safety seriously, you know you need to create a strong password to protect your online accounts. However, do you know that using the same username for all your accounts isn’t safe? In this article we go over why you should create varied and strong usernames
Using an identifiable username, like one that uses your real name or the year you were born, can make it easier for cybercriminals to target you. Using a password manager to create and store a secure, non-identifiable usernames provides an extra layer of defense.
The risks associated with usernames
How password managers help you create strong usernames
Keep your email address private with Proton Pass
What is a username?
A username is an identity you use for yourself so you can create an online account on a website or an app. The best way to think of it is as a name, just like your real-world name. Your password serves as proof that you are who you claim you are, like an ID or a key.
On many sites, your username is your email address, though some will let you choose your own, too, especially on forums or other sites where you can leave comments. Often enough, people will use their own name as a username. Take, for example, something like JaneSmith. If there already is a Jane Smith using the site, they’ll add a year of birth or a location — like JaneSmith77 or JaneSmithNYCor maybe even both — like JaneSmith77NYC.
Usernames like this are easy to remember,. as it’s less likely you’ll forget your name, birthdate, or the state you live in. And if your username also shows up on any posts you make, you get the added benefit of a username that’s easily recognizable.
The risks associated with usernames
Using an easily identifiable username might help you remember your login details but it also creates serious security issues. Usernames are an integral part of your online identity: if an attacker knows your username, they know half your login information. If you have a username that’s obvious or easy to guess, then you’re making it just as easy for malicious actors to access your account.
It’s even worse to reuse usernames and the same email address for all accounts. Using the same credentials for every account you create makes you predictable — and predictability helps cybercriminals get access to your accounts.
Some sites will try and pre-empt these issues by having you add numbers or special characters, but they may not negate the damage; they may actually make things worse. If you use your birth year or location, you’re giving away extra information about yourself.
For example, many sites still ask you to answer recovery questions when you forget your password. These questions make use of personal information to make sure you are who you claim to be, like the name of your pet or the street you grew up on. By putting personal information in your username, you may inadvertently give away answers to those security questions, making it easy for an attacker to use them to gain access to your account.
Finally, you should probably be aware that usernames and email addresses are a great way for marketers to track you. By matching usernames across different services, marketers and cybercriminals can very easily build a profile of who you are and what you like. Usernames are increasingly valuable to cybercriminals in particular, with more than 24 billion usernames and passwords for sale(new window) on the dark web as of 2022.
The risks are high, but protecting yourself is surprisingly easy.
What is a secure username?
There are several ways you’ll interact with usernames on the internet. One important category is sites that use them as a way to identify your profile publicly and where you’ll interact with other users, such as forums or sites like Reddit. In these cases, you want something secure (without personal identifiers), but also memorable for both yourself and whoever is reading your posts.
The key rule of creating a username is: never use the same username more than once. If your Reddit handle is ProtonLover, you shouldn’t use that username anywhere else.
Things are a bit simpler if you’re making a username for an account you’ll never post with, like a shopping site or a magazine. In this case, you may as well create something random and with the same principles as creating a strong password. You could use a lot of special characters and random capitalization — something like ZT5*.nXq7A4+zwdf, for example.
Though a strong username like this is hard to create and remember for humans, using a password manager will solve that issue. In fact, a good password manager can fix practically all username issues without creating additional work for you.
How password managers help you create strong usernames
A password manager is a program that runs either on your mobile device, tablet, or computer. It remembers and automatically fills out your login credentials for you: this makes it easy to create a different password for every account because you won’t have to remember each one. They can also create random passwords and usernames if you want, making them a great solution if you want to take the next step in taking charge of your online security.
Next time you create a new login, have the password manager randomly generate a username by copy pasting the random password it gives you, then have it generate a new random password for the password field, save the new login, and you’re done.
The above can be done by pretty much any decent password manager, even the mediocre versions that have been built into Chrome and Firefox. However, Proton’s password manager, Proton Pass, has one trick up its sleeve to help you protect your personal data.
Keep your email address private with Proton Pass
When creating a new login for a site or service, you don’t actually create a username all that often. In most cases, you sign in with your email address instead. It’s easy to remember, but probably the most predictable piece of data out there as it never changes. Even if you use a dedicated email only for logins, it’s still predictable unless you create a new one each time.
Proton Pass has solved this issue with hide-my-email aliases. Instead of using your personal email address to create accounts, Proton Pass helps you generate a new email address that forwards incoming mail to your real address. This is handy if you want to protect your data from the service you’re using, such as an online retailer who could use your email address to build up a profile targeting you with ads. It’s even better if you want to throw off would-be cybercriminals as you can supply email aliases that aren’t associated with you at all and keep your logins unpredictable.
Creating an alias is as simple as clicking a button, as Proton Pass will prompt you any time you create a login to use one. If an alias begins receiving spam, you can simply deactivate it and create a new one. With the Proton Pass Free plan, you get 10 hide-my-email aliases, while Plus accounts get an unlimited number.
Smart use of hide-my-email aliases and random usernames, as well as using random passwords and passphrases, will keep your logins safe. With Proton Pass to remember them, you won’t have to worry about losing them, either.
If you’d like to know more, create a free Proton account today and join us in the fight for a better internet where privacy is the default.
