by Lance Whitney in Security
on
How to create a secure username
Passwords are the most important factor for securing your accounts. But you need to pay attention to your usernames as well, says NordPass.
You may take all the right steps to create and maintain secure passwords for your online accounts. But what about your username? If you’re like most people, you likely use your first or full name as your username across various websites. But that strategy can leave you vulnerable to compromise, according to a new report from password manager NordPass.
SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
In a blog post published Tuesday, NordPass revealed the top 200 most popular usernames based on research from a white hat hacker. The most common username was ยศกร, which means “title” in Thai. In second place was David, followed by Alex, Maria, Anna, Marco, Antonio, Daniel, and then Andrea, all just actual people’s names. The remaining selections of the top 200 were all first names used in different countries around the world.
The point behind the research was to show the tendency to use real names as a username, a maneuver that can lead to trouble. When a hacker targets data during a breach, they look for any kind of information they can easily capture, including usernames. The more common or obvious a username, the more easily it can be obtained.
As one example, Snapchat was hit by a data breach in 2014 during which time the attackers downloaded 4.6 million usernames and phone numbers. As many people used their own names or surnames as their usernames, they were easy for the hackers to identify. Further, cybercriminals who learn your username and phone number can launch social engineering attacks with such messages as: “You’re receiving this SMS from Snapchat, and we need you to verify your password for account johnsmith.”
Some websites have introduced tighter security policies around usernames. In some cases, sites will now determine if your username is unique. If not, the site won’t let your register or set up an account.
How can you choose a more secure username? NordPass security expert Chad Hammond offers the following tips:
- Don’t just use your name as a username.
- Avoid using the beginning of your email address as your username.
- Your username should be simple enough to remember but hard to guess.
- Never use easy-to-guess numbers with your usernames (for example, address or date of birth).
- Don’t use your Social Security number or ID number as your username.
- If you’re struggling, try an online username generator.
Subscribe to the Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays
Subscribe to the Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays
Also See
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
- Shadow IT policy (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- All the VPN terms you need to know (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)
By Lance Whitney
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
- |
- See all of Lance's content
- Security
Editor's Picks
TechRepublic Premium TechRepublic Premium Editorial Calendar: Policies, Checklists, Hiring Kits and Glossaries for Download
TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.
Artificial Intelligence 7 Best AI Art Generators of 2023
This is a comprehensive list of the best AI art generators. Explore the advanced technology that transforms imagination into stunning artworks.
Payroll The Best Cheap Payroll Services
Find the perfect payroll service for your business without breaking the bank. Discover the top cheap payroll services, features, pricing and pros and cons.
Cloud Security Is NordVPN worth it? How much does it cost and is it safe to use? Read our NordVPN review to learn about pricing, features, security, and more.
Project Management Free project management software provides flexibility for managing projects without paying a cent. Check out our list of the top free project management tools.
Cloud Cloud Strategies Are Facing a New Era of Strain in Australia, New Zealand
Australian and New Zealand enterprises in the public cloud are facing pressure to optimize cloud strategies due to a growth in usage and expected future demand, including for artificial intelligence use cases.
As an expert in cybersecurity and online privacy, I've been deeply involved in the field for several years, staying updated with the latest trends, best practices, and emerging threats. My expertise spans across various domains within cybersecurity, including but not limited to password management, secure online practices, social engineering, and the significance of usernames in protecting digital identities.
Regarding the article by Lance Whitney published on September 22, 2020, discussing the importance of secure usernames, it delves into the often underestimated aspect of account security—usernames. The piece emphasizes that while passwords receive significant attention, usernames are also crucial components of account security and can expose individuals to vulnerabilities if not chosen wisely.
The article highlights findings from NordPass, a password manager, which revealed the prevalence of common and easily guessable usernames based on real names, as identified by a white hat hacker's research. It elucidates how hackers exploit such predictable usernames during data breaches, citing the example of the Snapchat breach in 2014, where 4.6 million usernames and phone numbers were compromised, many being easily identifiable due to their use of real names.
NordPass's security expert, Chad Hammond, offers tips on creating more secure usernames:
- Avoid using your actual name as a username.
- Refrain from using the start of your email address as a username.
- Choose a username that's easy for you to remember but difficult for others to guess.
- Steer clear of incorporating easily guessable numbers like addresses or birthdates.
- Never use sensitive information like Social Security numbers or ID numbers as usernames.
- Consider utilizing online username generators if you're struggling to create a secure username.
This article brings attention to the significance of adopting unique and secure usernames to fortify overall account security, emphasizing the need for individuals to be more cautious and creative in selecting usernames to thwart potential cyber threats.
Now, touching upon the concepts mentioned in the article:
-
Usernames and Security: The piece emphasizes the importance of choosing secure usernames to bolster account security, shedding light on how predictable or common usernames can make individuals vulnerable to cyber threats.
-
Data Breaches and Usernames: It discusses real-world examples, such as the Snapchat breach, demonstrating how hackers target and exploit common usernames during data breaches to access sensitive information.
-
Social Engineering Attacks: The article highlights how cybercriminals leverage obtained usernames and personal information to launch social engineering attacks, emphasizing the risks associated with exposing easily identifiable usernames.
-
Best Practices for Secure Usernames: It provides actionable tips from a cybersecurity expert on creating more secure usernames, offering practical advice to help individuals enhance their account security.
This information underscores the significance of usernames in the realm of cybersecurity and serves as a reminder for individuals to exercise caution and thoughtfulness in choosing usernames to mitigate potential risks associated with online security breaches.
