Skip to content
home page

jackie@jackdawwebdesign.co.uk

click to go to jackdaw web design facebook page click here to go to jackie latham linkedin entry
  • Home
  • About
  • Accessible Web Design
  • Portfolio
  • Blog
  • Contact

Are Your Usernames Just As Important As Passwords – Or More So?

August 17, 2021

Each time you set up a new account, you probably spend some time coming up with a strong password for it (or use a password generator). But how much thought do you dedicate to your username? Chances are, you’ve been using the same one for years. Some kind of nickname or a combination of your first and last names or those of your children? Using the same one over and over can leave you vulnerable to some serious consequences.

Why do you need a unique username for each account?

The main problem with usernames is that they are public, available for anyone to see, not secret like your passwords. When you use the same username over and over, it allows malicious fraudsters to build a profile of you. It also makes it easier for advertisers and random people to find and track you online.

If you use the same username, all your social media accounts, possibly work place/job, and online forums where you posted will come up in one Google search. This is the information which could be used to find out a lot about your life. Where you live, what car you drive, who you’re friends with, where you work, and where your kids go to school. This is highly sensitive information that could make you a target of various cyberattacks. In real life, you would never divulge all that information to a total stranger would you?

Your personal data could end up in a data breach, another serious threat. If one of your accounts gets hacked or results in a breach, all your other accounts are at risk – unless you used a completely different, random username for each one. You should think of usernames as a second layer of defence. So if you reused one password a lot, but your usernames were always different, this would mean a cybercriminal won’t be able to perform an attack with your leaked credentials, as they won’t know your other usernames, therefore your other accounts will stay safe.

Your password can be virtually unguessable, but that will not be an issue when a website you visit gets hacked, and your mega secure password ends up on the web, if you are using the same username everywhere, guess what – the hackers can now access your other accounts. Just one exposure can lead to identity theft.

So, to get the highest level of privacy and security online, use a different combination of passwords and usernames for each account you use.

Five tips for creating a secure username

  1. Don’t use your email username anywhere else – your email is very public, so don’t connect it with other accounts.
  2. Don’t create combinations of usernames and passwords linked to each other, like verses from a popular song’s chorus (something like “hellodarkness” and “myoldfriend.”)
  3. Don’t use your real name and surname at all.
  4. Don’t use your phone number, address, and never your date of birth.
  5. Don’t use things that are easy to find online, like your pet’s name, your car, or your mother’s maiden name.

There are now password and username generators out there you can use for free on the web. Failing that, if you cannot remember your combinations of usernames and passwords, there are several companies now providing password manager services. These vary is cost, many have a free plan or start from about £2.50 per month for family or business plans. Have a look at LastPass, OneLogin, DashLane, Google Password Manager, LogMeOnce or 1Password. A google search will find you lots more to compare.

What about usernames on your WordPress site?

A Brute Force Attack consists of a large number of repeated attempts at guessing your username and password to gain access to your WordPress admin. These attacks are automated, and the usernames and passwords used for guessing typically originate from big data leaks.

  1. To protect your site, never use ‘admin’ as your username, nor ‘test’, ‘temp’, ‘info’ or ‘support’
  2. Use a special character, for example @ – ! within your username, as this will not be displayed in the url slug so cannot be found by a brute force bot.
  3. Refrain from using your business name, or website.
  4. Set up 2 Factor Authentication.
  5. Use a trusted WordPress plugin for security.

If you need some help with this or any other issue contact me at jackie@jackdawwebdesign.co.uk

Posted in Security, WordPress tips
← How to Make Sticky Posts in WordPressFive of the best WordPress plugins for accessibility, but are they a magic fix? →

Categories

  • Accessibility
  • Before and after redesigns
  • Case study
  • Looking after your site
  • News
  • Security
  • SEO
  • Uncategorized
  • Web design
  • Web hosting
  • WordPress tips

Get in touch and let us see how we can help you out

Contact us to find out more about our web design and WordPress training

Join our mailing list

Name(Required)
This field is for validation purposes and should be left unchanged.

Contact

Email: jackie@jackdawwebdesign.co.uk

Tel: 07762 140 433

The Town Hall, High Street East, Wallsend, NE28 7AT

Important information

Privacy Policy

Web Design Terms and Conditions

Support Contract Terms and Conditions

Accessibility Statement

Best Website designers in North Tyneside
Badge of IAAP professional membership
Sector-Connector-Logo biz award

© 2023 Jackdaw Web Design. All Rights Reserved.

Scroll To Top
We only use cookies for logged in users and analytics. They don't store personal data and are deleted when your session ends. If you continue using this site we'll assume you're ok with that.Ok