Each time you set up a new account, you probably spend some time coming up with a strong password for it (or use a password generator). But how much thought do you dedicate to your username? Chances are, you’ve been using the same one for years. Some kind of nickname or a combination of your first and last names or those of your children? Using the same one over and over can leave you vulnerable to some serious consequences.
Why do you need a unique username for each account?
The main problem with usernames is that they are public, available for anyone to see, not secret like your passwords. When you use the same username over and over, it allows malicious fraudsters to build a profile of you. It also makes it easier for advertisers and random people to find and track you online.
If you use the same username, all your social media accounts, possibly work place/job, and online forums where you posted will come up in one Google search. This is the information which could be used to find out a lot about your life. Where you live, what car you drive, who you’re friends with, where you work, and where your kids go to school. This is highly sensitive information that could make you a target of various cyberattacks. In real life, you would never divulge all that information to a total stranger would you?
Your personal data could end up in a data breach, another serious threat. If one of your accounts gets hacked or results in a breach, all your other accounts are at risk – unless you used a completely different, random username for each one. You should think of usernames as a second layer of defence. So if you reused one password a lot, but your usernames were always different, this would mean a cybercriminal won’t be able to perform an attack with your leaked credentials, as they won’t know your other usernames, therefore your other accounts will stay safe.
Your password can be virtually unguessable, but that will not be an issue when a website you visit gets hacked, and your mega secure password ends up on the web, if you are using the same username everywhere, guess what – the hackers can now access your other accounts. Just one exposure can lead to identity theft.
So, to get the highest level of privacy and security online, use a different combination of passwords and usernames for each account you use.
Five tips for creating a secure username
- Don’t use your email username anywhere else – your email is very public, so don’t connect it with other accounts.
- Don’t create combinations of usernames and passwords linked to each other, like verses from a popular song’s chorus (something like “hellodarkness” and “myoldfriend.”)
- Don’t use your real name and surname at all.
- Don’t use your phone number, address, and never your date of birth.
- Don’t use things that are easy to find online, like your pet’s name, your car, or your mother’s maiden name.
There are now password and username generators out there you can use for free on the web. Failing that, if you cannot remember your combinations of usernames and passwords, there are several companies now providing password manager services. These vary is cost, many have a free plan or start from about £2.50 per month for family or business plans. Have a look at LastPass, OneLogin, DashLane, Google Password Manager, LogMeOnce or 1Password. A google search will find you lots more to compare.
What about usernames on your WordPress site?
A Brute Force Attack consists of a large number of repeated attempts at guessing your username and password to gain access to your WordPress admin. These attacks are automated, and the usernames and passwords used for guessing typically originate from big data leaks.
- To protect your site, never use ‘admin’ as your username, nor ‘test’, ‘temp’, ‘info’ or ‘support’
- Use a special character, for example @ – ! within your username, as this will not be displayed in the url slug so cannot be found by a brute force bot.
- Refrain from using your business name, or website.
- Set up 2 Factor Authentication.
- Use a trusted WordPress plugin for security.
If you need some help with this or any other issue contact me at firstname.lastname@example.org