What makes a safe username?

If you take your online safety seriously, you know you need to create a strong password to protect your online accounts. However, do you know that using the same username for all your accounts isn’t safe? In this article we go over why you should create varied and strong usernames.

Using an identifiable username, like one that uses your real name or the year you were born, can make it easier for cybercriminals to target you. Using a password manager to create and store secure, non-identifiable usernames provides an extra layer of defense.

What is a username?

A username is an identity you use for yourself so you can create an online account on a website or an app. The best way to think of it is as a name, just like your real-world name. Your password serves as proof that you are who you claim you are, like an ID or a key.  

Username field in Proton Pass

On many sites, your username is your email address, though some will let you choose your own, too, especially on forums or other sites where you can leave comments. Often enough, people will use their own name as a username. Take, for example, something like JaneSmith. If there already is a Jane Smith using the site, they’ll add a year of birth or a location, like JaneSmith77 or JaneSmithNYC, or maybe even both, like JaneSmith77NYC.

Usernames like this are easy to remember, as it’s less likely you’ll forget your name, birthdate, or the state you live in. And if your username also shows up on any posts you make, you get the added benefit of a username that’s easily recognizable.

The risks associated with usernames

Using an easily identifiable username might help you remember your login details but it also creates serious security issues. Usernames are an integral part of your online identity: if an attacker knows your username, they know half your login information. If you have a username that’s obvious or easy to guess, then you’re making it just as easy for malicious actors to access your account.

It’s even worse to reuse usernames and the same email address for all accounts. Using the same credentials for every account you create makes you predictable — and predictability helps cybercriminals get access to your accounts.

Some sites will try and pre-empt these issues by having you add numbers or special characters, but they may not negate the damage; they may actually make things worse. If you use your birth year or location, you’re giving away extra information about yourself. 

For example, many sites still ask you to answer recovery questions when you forget your password. These questions make use of personal information to make sure you are who you claim to be, like the name of your pet or the street you grew up on. By putting personal information in your username, you may inadvertently give away answers to those security questions, making it easy for an attacker to use them to gain access to your account.

Finally, you should probably be aware that usernames and email addresses are a great way for marketers to track you. By matching usernames across different services, marketers and cybercriminals can very easily build a profile of who you are and what you like. Usernames are increasingly valuable to cybercriminals in particular, with more than 24 billion usernames and passwords for sale on the dark web as of 2022.

The risks are high, but protecting yourself is surprisingly easy.

What is a secure username?

There are several ways you’ll interact with usernames on the internet. One important category is sites that use them as a way to identify your profile publicly and where you’ll interact with other users, such as forums or sites like Reddit. In these cases, you want something secure (without personal identifiers), but also memorable for both yourself and whoever is reading your posts.

The key rule of creating a username is: never use the same username more than once. If your Reddit handle is ProtonLover, you shouldn’t use that username anywhere else.

Things are a bit simpler if you’re making a username for an account you’ll never post with, like a shopping site or a magazine. In this case, you may as well create something random and with the same principles as creating a strong password. You could use a lot of special characters and random capitalization — something like ZT5*.nXq7A4+zwdf, for example.

Though a strong username like this is hard to create and remember for humans, using a password manager will solve that issue. In fact, a good password manager can fix practically all username issues without creating additional work for you.
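The rules above (never reuse a username, keep personal identifiers out of it, and go random where you never post) can be checked mechanically against your own list of logins. The following is an added example, not code from Proton or Proton Pass; the function names, the letters-and-digits alphabet, and the sample logins are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

# Assumed alphabet: letters and digits only, since some sites reject symbols.
ALPHABET = string.ascii_letters + string.digits


def generate_username(length=16):
    """Return a random username drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def audit_usernames(logins, personal_tokens):
    """Flag usernames that are reused across sites or embed personal details.

    logins: dict mapping site -> username
    personal_tokens: strings such as name parts, birth year, location
    Returns a dict mapping site -> sorted list of findings.
    """
    findings = defaultdict(set)
    sites_by_name = defaultdict(list)
    for site, user in logins.items():
        sites_by_name[user.lower()].append(site)
    # Rule 1: the same username must not appear on more than one site.
    for sites in sites_by_name.values():
        if len(sites) > 1:
            for site in sites:
                findings[site].add("reused")
    # Rule 2: no name, birth year or location inside the username.
    for site, user in logins.items():
        for token in personal_tokens:
            if token.lower() in user.lower():
                findings[site].add(f"contains:{token}")
    return {site: sorted(issues) for site, issues in findings.items()}


# Constructed sample data, modelled on the JaneSmith example in this article.
SAMPLE_LOGINS = {
    "forum.example": "JaneSmith77NYC",
    "shop.example": "JaneSmith77NYC",
    "news.example": "ProtonLover",
    "mag.example": "q8Zr2LmX0tWc5vYa",
}
SAMPLE_TOKENS = ["jane", "smith", "77", "nyc"]

if __name__ == "__main__":
    for site, issues in audit_usernames(SAMPLE_LOGINS, SAMPLE_TOKENS).items():
        print(f"{site}: {', '.join(issues)} -> replace with {generate_username()}")
```

Short tokens such as a two-digit year can also match by chance inside a random string, so treat a `contains:` finding as a prompt to look rather than a verdict.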

How password managers help you create strong usernames

A password manager is a program that runs on your mobile device, tablet, or computer. It remembers and automatically fills out your login credentials for you: this makes it easy to create a different password for every account because you won’t have to remember each one. Password managers can also create random passwords and usernames if you want, making them a great solution if you want to take the next step in taking charge of your online security.

Next time you create a new login, have the password manager randomly generate a username by copying and pasting the random password it gives you, then have it generate a new random password for the password field, save the new login, and you’re done.

The above can be done by pretty much any decent password manager, even the mediocre versions that have been built into Chrome and Firefox. However, Proton’s password manager, Proton Pass, has one trick up its sleeve to help you protect your personal data.

Keep your email address private with Proton Pass

When creating a new login for a site or service, you don’t actually create a username all that often. In most cases, you sign in with your email address instead. It’s easy to remember, but probably the most predictable piece of data out there as it never changes. Even if you use a dedicated email only for logins, it’s still predictable unless you create a new one each time.

Proton Pass has solved this issue with hide-my-email aliases. Instead of using your personal email address to create accounts, Proton Pass helps you generate a new email address that forwards incoming mail to your real address. This is handy if you want to protect your data from the service you’re using, such as an online retailer who could use your email address to build up a profile targeting you with ads. It’s even better if you want to throw off would-be cybercriminals as you can supply email aliases that aren’t associated with you at all and keep your logins unpredictable.

Creating an alias is as simple as clicking a button, as Proton Pass will prompt you any time you create a login to use one. If an alias begins receiving spam, you can simply deactivate it and create a new one. With the Proton Pass Free plan, you get 10 hide-my-email aliases, while Plus accounts get an unlimited number.

Login showing a hide-my-email alias

Smart use of hide-my-email aliases and random usernames, as well as using random passwords and passphrases, will keep your logins safe. With Proton Pass to remember them, you won’t have to worry about losing them, either.

If you’d like to know more, create a free Proton account today and join us in the fight for a better internet where privacy is the default.
