Lost, stolen, or forgotten passwords have potential cybersecurity and productivity consequences, prompting many organizations and individuals to prioritize safe password practices. Usernames provide an additional gateway to our accounts and information, so it’s also important to follow some basic username best practices. What should a safe username do?
The importance of a secure username
An unprecedented 450% surge in data breaches containing usernames and passwords highlights the importance of both factors for identity and data protection.
As you learn how to create a secure username, keep in mind:
- Your username is your online identity: A username is defined as a word, phrase, or combination of characters that uniquely identifies a user on an app, website, or device. In short, your username is your identity online. A username alone won’t get you (or an unauthorized party) into your accounts, but a poorly selected or reused username can leave you more exposed to phishing and other common social engineering hacks.
- How usernames differ from passwords: In technical terms, a username is an identifier, and a password is an authenticator. That’s why multifactor authentication tools don’t count usernames among the authenticating factors, instead adding one-time codes or biometric elements like facial recognition or fingerprints.
  - Like passwords, usernames can usually be recovered quickly by providing your email address or phone number.
  - Unlike passwords, usernames are generally stored in clear text by websites, which makes them more discoverable during a data breach.

  Think of your password and username like your car keys and car: If your car keys are ever lost or stolen, the finder would still need to know the specific type and location of the car before they could enter it.
- Usernames are required for certain accounts: Some accounts and apps only require a password for login. Other accounts automatically default to the user’s email address, which makes the username easy to remember but impossible to update or refresh for added security. Accounts that protect personal financial information, like tax preparation services, bank accounts, and credit cards, require unique customer-generated usernames. These accounts allow us to create secure usernames and implement valuable username best practices.
- Usernames can protect you during a data breach: The most important function of a secure username is to protect you during a data breach. In the aftermath of an attack, cybercriminals often try to log in to many different accounts with combinations of stolen usernames and passwords, a technique known as credential stuffing. This is where the value of a strong and unique username for each account really comes into play.
- Usernames protect you from hacking and social engineering: Phishing is a common social engineering scam. It usually involves an email or text message from someone masquerading as a trusted business alerting you to suspicious activity or asking you to confirm personal information. To attempt a phishing attack, the scammer will first need to know (or guess) your email address. If your username happens to be your email address, they will already have an important piece of the puzzle when you respond. In any event, an email asking for your username, password, or credit card information should always raise a red flag.
6 things a safe username should always do
As you discover how to make a username as safe and secure as possible, start by following these 6 basic rules that lead to optimized usernames and better protection for your accounts and identity.
- Be unique
What makes a good username? Many of the guidelines for keeping passwords strong and unique can also be applied to usernames. Including both letters and numbers in a random pattern is safer than using personal identifiers or common phrases. A username that is easier for you to remember is usually easier for a hacker to guess. This is especially true when the username is based on a variation of your email address, name, or home address.
- Be memorable (but not common)
It should come as no surprise that nine of the ten most common usernames are also common first names. Many of us have used our first or last name (or both) as a username, with the understandable intent of making it memorable in the future. Unfortunately, this only makes it easier for hackers to accurately guess a username in fewer attempts. How can you avoid using common phrases like your first or last name in your username and still make your username memorable?
Use a word that only has meaning to you: It’s possible for a username to be memorable without being based on personal identifiers. Think of a word or phrase with some significance in your life, like a childhood nickname, movie catchphrase, or favorite teacher’s name, that you might have used to create an effective security question in the past.
Use a password manager: In a Dashlane survey, 63% of respondents were proud of their ability to remember things, although 69% said they retrieved or reset their logins at least monthly. A password manager allows you to securely store and autofill usernames and passwords, so you no longer need to write them down or commit them to memory.
- Be stored somewhere safe
Usernames that can’t be committed to memory should always be stored somewhere safe to make sure no one else has (or can get) access to them. Usernames on sticky notes or unlocked spreadsheets can undermine security and privacy.
The most secure way to store usernames at home or at work is to use a password manager protected by zero-knowledge architecture. Credentials are encrypted and securely stored on external servers, and not even the password manager's provider can access them.
- Never include your email address
Unless required by the account or business, never select your email address (or the first part of it) as your username. Email addresses are frequently shared, exchanged, and sold by third parties for marketing purposes, which makes them far from private or unique. Since email is also used for 2-factor authentication (2FA), exposed email addresses can nullify the extra layer of security provided by 2FA.
- Never be reused
The habit of username (and password) reuse is quite common yet dangerous since many hacking tactics rely on users repeating logins to gain access to multiple accounts. The trial-and-error process of brute force attacks, where multiple username and password combinations are entered until an account is accessed, is now backed by high-powered software and artificial intelligence (AI). Reused passwords or usernames multiply vulnerability many times over, so be sure to use a different username for each account.
- Never include personal information
What is personal information? Along with obvious identifiers like your name and phone number, avoid using any other personal information like your address, social security number, or birthday. Using personal information not only makes usernames easier to guess but also puts this valuable information at risk if your account gets hacked or your device is lost or stolen. As a rule of thumb, don’t use anything in your username that can be directly or indirectly linked to your identity.
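The rules above can be checked mechanically. The following is an added example, not code from Dashlane: it audits a username against the email, personal-information, reuse, and common-name rules, and draws random letter-and-digit usernames until one passes. The function names, the short `COMMON_NAMES` list, and the sample account details are all constructed for illustration.

```python
import re
import secrets
import string

# Constructed sample; a real check would load a much larger list of common names.
COMMON_NAMES = {"david", "alex", "maria", "anna", "john", "michael"}

def _norm(text):
    """Lowercase and drop punctuation so 'Jane.Doe' compares equal to 'janedoe'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def audit_username(username, email, personal_facts, other_usernames):
    """Return the article's rules that this username breaks (empty list = clean)."""
    u = _norm(username)
    local = _norm(email.split("@", 1)[0])
    findings = []
    if "@" in username or (local and local in u):
        findings.append("contains email address")
    # Ignore very short facts (initials) to avoid matching random characters.
    if any(len(_norm(f)) >= 3 and _norm(f) in u for f in personal_facts):
        findings.append("contains personal information")
    if any(u == _norm(other) for other in other_usernames):
        findings.append("reused on another account")
    if re.sub(r"\d+$", "", u) in COMMON_NAMES:
        findings.append("common first name")
    return findings

def generate_username(email, personal_facts, other_usernames, length=12):
    """Draw random letter-and-digit usernames until one passes the audit."""
    alphabet = string.ascii_lowercase + string.digits
    while True:
        # Assumption: starting with a letter is the conservative choice for site rules.
        candidate = secrets.choice(string.ascii_lowercase) + "".join(
            secrets.choice(alphabet) for _ in range(length - 1))
        if any(c.isdigit() for c in candidate) and not audit_username(
                candidate, email, personal_facts, other_usernames):
            return candidate

if __name__ == "__main__":
    facts = ["Jane", "Doe", "1985"]  # constructed personal details
    print(audit_username("jane.doe1985", "jane.doe@example.com", facts, ["jdoe"]))
    print(generate_username("jane.doe@example.com", facts, ["jdoe"]))
```

A generated username is not memorable, so it belongs in the same safe storage as the password it pairs with.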
How Dashlane makes your online accounts safe
Dashlane Password Manager makes it easy to create strong, random, and unpredictable passwords. Convenient Autofill features securely populate usernames and passwords to improve productivity. Features include SSO, 2FA, Password Health scores, secure password sharing, VPN, and Dark Web Monitoring that protects user security and privacy around the clock.
Usernames are an important but often overlooked element of overall cybersecurity health. Securing your identity and personal information requires a multi-faceted approach that might be easier than you think. Discover 6 cybersecurity basics in this easy-to-understand blog post.