Proton
What makes a safe username?

If you take your online safety seriously, you know you need to create a strong password to protect your online accounts. However, do you take the same care for your accounts’ usernames? In this article we go over why you should, and what is a safe username.

The short version is that using a generic username, like one based on your real name, can make it easier for cybercriminals to target you. Creating secure usernames means you have an extra layer of defense against attackers, with password managers as the best way to create and store them. Let’s go into the details a little, starting with what a username even is. 

What is a username?

You probably know a username as the field above where your password goes when you access a site. The best way to think of it is as an identifier, like your real-world name, with your password serving as the proof that you are who you claim you are. 

Username field in Proton Pass

On many sites, your username is your email address, though some will let you choose your own, too, especially on forums or other sites where you can leave comments. Often enough, people will use their own name as a username. So take, for example, something like JaneSmith. If there already is a Jane Smith using the site, they’ll add a year of birth or a location, so JaneSmith77 or JaneSmithNYC or maybe even both, so JaneSmith77NYC.

Usernames like this are easy to remember — it’s not likely you’ll forget your name, birthdate, or the state you live in — and if your username also shows up on any posts you make, you get the added benefit of a username that’s easily recognizable. 

Common username security problems

As nice as usernames like this are, though, they come with some serious security issues. As we mentioned, usernames are an integral part of your security credentials. If an attacker knows your username, they know half your login information. If you have a username that’s obvious or easy to guess, then you’re giving up a good chunk of your security.

Even worse is when people reuse their usernames — which includes always using the same email address for all their accounts. If you use JaneSmith once, that’s not great, but not life threatening. However, if you use it for every site you create an account for, you’re making yourself predictable, and predictability is what makes life easy for a cybercriminal.

Some sites will try and fix these issues by having you add numbers or special characters, but they may not negate the damage; they may even make things worse. For example, if you use your birth year or location, then you’re actually giving away extra information about yourself. 

For example, many sites still use recovery questions in case you lose your password. These questions make use of personal information to make sure you are who you claim to be, like the name of your pet, or the name of the street you grew up on. By putting information in your username, you may inadvertently give away answers to those security questions, making it easy for an attacker to use them to gain access to your account.

Finally, you should probably be aware that usernames and emails are a great way for marketers to track you. By matching usernames across different services, marketers and other snoops can very easily build a profile of who you are and what you like. Denying them access to this is surprisingly easy, though, so let’s take a look at how we can do that.

What makes a good username?

Now that we know their weaknesses, let’s see how you can create a secure username. However, there are several types of username. One important category is sites that use them as a way to identify your profile publicly, such as forums or sites like Reddit. In these cases, you want something secure (without personal identifiers), but also memorable for both yourself and whoever is reading the posts.

On top of that, you likely want something funny to set yourself apart. We can’t give you advice on humor, but we will tell you this: never use a username more than once. So if on Reddit your handle is ProtonLover, you shouldn’t use it anywhere else.

Things are a bit simpler if you’re making a username for an account you’ll never post with, like a shopping site or a magazine. In this case, you may as well create something random along the lines of creating a strong password. You could use a lot of special characters and random capitalization, so something like ZT5*.nXq7A4+zwdf

Though a strong username like this is hard to create and remember for humans, using a password manager will solve that issue. In fact, a good password manager can fix practically all username issues. Let’s take a closer look at them.

How password managers help with strong usernames

A password manager is a program that runs either on your device or in a browser and remembers and automatically fills out your login credentials for you. They can also create random passwords and usernames if you want, making them a great solution if you want to take the next step in taking charge of your online security.

Next time you create a new login, have the password manager randomly generate a username by copy pasting the random password it gives you, then have it generate a new random password for the password field, save the new login, and you’re done. It’s that simple.

The above can be done by pretty much any decent password manager, even the mediocre versions that have been built into Chrome and Firefox. However, Proton’s password manager, Proton Pass, has one trick up its sleeve that will solve the username problem once and for all.

Keeping your email address private

When creating a new login for a site or service, you don’t actually create a username all that often. In most cases, you sign in with your email address instead. Again, great to remember, but probably the most predictable piece of data out there as it never, ever changes. Even if you use a dedicated email only for logins, unless you create a new one each time, it’s still predictable.

Proton Pass has solved this issue with hide-my-email aliases. Instead of entering your email address, Proton Pass will enter a replacement that forwards incoming mail to your real address. This is handy if you want to protect your privacy from the service you’re using, but it’s even better if you want to throw off would-be cybercriminals as you can supply email aliases and thus keep your logins unpredictable.

Creating an alias is as simple as clicking a button, as Proton Pass will prompt you any time you create a login to use one. If you have the Proton Pass Free plan, you get 10 hide-my-email aliases, while Plus accounts get an unlimited number.

Login showing a hide-my-email alias

Smart use of hide-my-email aliases and random usernames, as well as using random passwords and passphrases, will keep your logins safe. With Proton Pass to remember them, you’ll never have to worry about losing them, either.

Hide-my-email aliases are a unique feature, and just one more way in which Proton distinguishes itself from Big Tech’s software. As a company founded by scientists who met at CERN with the express purpose of creating a better and more private internet, Proton Pass and aliases are but one way in which we can help keep your data private.

If you’d like to know more, create a free Proton account today and join us in the fight for a better internet.

Protect your passwords
Create a free account

Related articles

proton scribe
Most of us send emails every day. Finding the right words and tone, however, can take up a lot of time. Today we’re introducing Proton Scribe, a smart, privacy-first writing assistant built right into Proton Mail that helps you compose and improve yo
People and companies are generally subject to the laws of the country and city where they are located, and those laws can change when they move to a new place. However, the situation becomes more complicated when considering data, which can be subjec
Your online data is no longer just used for ads but also for training AI. Google uses publicly available information to train its AI models, raising concerns over whether AI is even compatible with data protection laws. People are worried companies
iPhone stores passwords in iCloud Keychain, Apple’s built-in password manager. It’s convenient but has some drawbacks. A major issue is that it doesn’t work well with other platforms, making it hard for Apple users to use their passwords and passkeys
There are many reasons you may need to share passwords, bank details, and other highly sensitive information. But we noticed that many people do this via messaging apps or other methods that put your data at risk. In response to the needs of our com
Large language models (LLMs) trained on public datasets can serve a wide range of purposes, from composing blog posts to programming. However, their true potential lies in contextualization, achieved by either fine-tuning the model or enriching its p