If you take your online safety seriously, you know you need to create a strong password(new window) to protect your online accounts. However, do you take the same care for your accounts’ usernames? In this article we go over why you should, and what is a safe username.
The short version is that using a generic username, like one based on your real name, can make it easier for cybercriminals to target you. Creating secure usernames means you have an extra layer of defense against attackers, with password managers as the best way to create and store them. Let’s go into the details a little, starting with what a username even is.
What is a username?
You probably know a username as the field above where your password goes when you access a site. The best way to think of it is as an identifier, like your real-world name, with your password serving as the proof that you are who you claim you are.
On many sites, your username is your email address, though some will let you choose your own, too, especially on forums or other sites where you can leave comments. Often enough, people will use their own name as a username. So take, for example, something like JaneSmith. If there already is a Jane Smith using the site, they’ll add a year of birth or a location, so JaneSmith77 or JaneSmithNYC or maybe even both, so JaneSmith77NYC.
Usernames like this are easy to remember — it’s not likely you’ll forget your name, birthdate, or the state you live in — and if your username also shows up on any posts you make, you get the added benefit of a username that’s easily recognizable.
Common username security problems
As nice as usernames like this are, though, they come with some serious security issues. As we mentioned, usernames are an integral part of your security credentials. If an attacker knows your username, they know half your login information. If you have a username that’s obvious or easy to guess, then you’re giving up a good chunk of your security.
Even worse is when people reuse their usernames — which includes always using the same email address for all their accounts. If you use JaneSmith once, that’s not great, but not life threatening. However, if you use it for every site you create an account for, you’re making yourself predictable, and predictability is what makes life easy for a cybercriminal.
Some sites will try and fix these issues by having you add numbers or special characters, but they may not negate the damage; they may even make things worse. For example, if you use your birth year or location, then you’re actually giving away extra information about yourself.
For example, many sites still use recovery questions in case you lose your password. These questions make use of personal information to make sure you are who you claim to be, like the name of your pet, or the name of the street you grew up on. By putting information in your username, you may inadvertently give away answers to those security questions, making it easy for an attacker to use them to gain access to your account.
Finally, you should probably be aware that usernames and emails are a great way for marketers to track you. By matching usernames across different services, marketers and other snoops can very easily build a profile of who you are and what you like. Denying them access to this is surprisingly easy, though, so let’s take a look at how we can do that.
What makes a good username?
Now that we know their weaknesses, let’s see how you can create a secure username. However, there are several types of username. One important category is sites that use them as a way to identify your profile publicly, such as forums or sites like Reddit. In these cases, you want something secure (without personal identifiers), but also memorable for both yourself and whoever is reading the posts.
On top of that, you likely want something funny to set yourself apart. We can’t give you advice on humor, but we will tell you this: never use a username more than once. So if on Reddit your handle is ProtonLover, you shouldn’t use it anywhere else.
Things are a bit simpler if you’re making a username for an account you’ll never post with, like a shopping site or a magazine. In this case, you may as well create something random along the lines of creating a strong password(new window). You could use a lot of special characters and random capitalization, so something like ZT5*.nXq7A4+zwdf.
Though a strong username like this is hard to create and remember for humans, using a password manager(new window) will solve that issue. In fact, a good password manager can fix practically all username issues. Let’s take a closer look at them.
How password managers help with strong usernames
A password manager is a program that runs either on your device or in a browser and remembers and automatically fills out your login credentials for you. They can also create random passwords and usernames if you want, making them a great solution if you want to take the next step in taking charge of your online security.
Next time you create a new login, have the password manager randomly generate a username by copy pasting the random password it gives you, then have it generate a new random password for the password field, save the new login, and you’re done. It’s that simple.
The above can be done by pretty much any decent password manager, even the mediocre versions that have been built into Chrome(new window) and Firefox(new window). However, Proton’s password manager, Proton Pass, has one trick up its sleeve that will solve the username problem once and for all.
Keeping your email address private
When creating a new login for a site or service, you don’t actually create a username all that often. In most cases, you sign in with your email address instead. Again, great to remember, but probably the most predictable piece of data out there as it never, ever changes. Even if you use a dedicated email only for logins, unless you create a new one each time, it’s still predictable.
Proton Pass has solved this issue with hide-my-email aliases. Instead of entering your email address, Proton Pass will enter a replacement that forwards incoming mail to your real address. This is handy if you want to protect your privacy from the service you’re using, but it’s even better if you want to throw off would-be cybercriminals as you can supply email aliases and thus keep your logins unpredictable.
Creating an alias is as simple as clicking a button, as Proton Pass will prompt you any time you create a login to use one. If you have the Proton Pass Free plan, you get 10 hide-my-email aliases, while Plus accounts get an unlimited number.
Smart use of hide-my-email aliases and random usernames, as well as using random passwords and passphrases(new window), will keep your logins safe. With Proton Pass to remember them, you’ll never have to worry about losing them, either.
Hide-my-email aliases are a unique feature, and just one more way in which Proton distinguishes itself from Big Tech’s software. As a company founded by scientists who met at CERN with the express purpose of creating a better and more private internet, Proton Pass and aliases are but one way in which we can help keep your data private.
If you’d like to know more, create a free Proton account today and join us in the fight for a better internet.