When it comes to protecting yourself online, having a secure password has been the default recommendation. However, you may be surprised to know that having a secure username is just as important as using a strong password.
Serving as your identity online, usernames are prized assets for hackers to acquire. Even if they’re not as coveted as your passwords, they can be used to get hold of your online data. In this sense, it’s essential to craft a unique and safe username that will keep your accounts away from threat actors and prying eyes.
In this article, we discuss what a username is, why it’s important to have a unique and secure username, and some tips and tricks to get there.
What is a username?
A username is a group of characters that serve as your identity for an account or service, either in a computer system or on the internet. They’re also called login names, user IDs, login IDs, and account names.
As identifiers, usernames help distinguish and set you apart from other people or accounts. This is in contrast to passwords, which are used to authenticate or verify that you are who you say you are when logging into an account.
Below is a quick description of both and their main difference:
- Usernames: Identifies who you are, either in a computer, a network, an online service, or an application.
- Passwords: Authenticates or confirms that you are who you claim to be, enabling you access to an account after it’s correctly provided.
These days, most online sites, social media networks, games, and applications require a username before you can continue using their service. Some websites allow you to use your email address as a username, but that isn’t always the case and, at times, isn’t the recommended practice.
SEE: SMB Security Pack (TechRepublic Premium)
Why is it important to create a secure username?
While it seems like a no-brainer to have a strong password, having an equally secure username is crucial for these reasons:
They’re often included in data leaks and breaches
In a massive data breach, a hacker aims to get as much information on you as possible. This means they not only target passwords but also eye your phone number, address, email, and of course, your username.
Since usernames and passwords go hand-in-hand, a hacker having your username technically means they have 50% of your login credentials. This makes it significantly easier for cybercriminals to use strategies like brute force attacks or credential stuffing, i.e., a high-powered form of trial and error, to try and steal your account.
Usernames are public information
It’s essential to remember that most usernames are available to the public because they act as identifiers. Think about your business’ LinkedIn account, your Amazon account, or even your personal username for gaming. All of these can be viewed by both you, other people, and hackers alike. In this regard, they don’t have the same type of security as passwords regarding private information.
With this, I strongly recommend creating unique usernames for each account you have. Why? Let’s say you regularly use one username for many of your accounts — including your email address. Here, hackers can use your public username to track down all your other accounts. This leaves you highly susceptible to social engineering tactics, scams, or phishing attempts.
They can help build your anonymity online
While usernames are public, they don’t necessarily have to include your full name. In this regard, having a secure username can be a great way for you to strengthen your online privacy. If you do it right, no one technically knows which username is tied to your account. This allows you to browse the internet without worrying about others looking into what you’re doing online.
Another way usernames can help strengthen privacy is by using them to separate your work and personal life online. Like the example above, you can use a completely different username for your personal accounts. This allows you to keep your personal feed private and maintain your business account at the same time.
How do I create a secure username?
Fortunately, creating a secure username can be a straightforward process, provided you follow some key steps. Here’s what I recommend:
1. Avoid including your full name, address, or other personal information
Most accounts, except work accounts perhaps, won’t require you to use your full name — and for good reason. Having your name in your username will make it much easier for hackers to identify you and subsequently find your other accounts.
For example, if both your name is John Doe and you have “JohnDoe” as your Amazon account, it would be a breeze for cybercriminals to put two and two together and conclude that this Amazon username is yours.
Similarly, any personally identifiable information also shouldn’t be in your username, as you’re inadvertently giving hackers more data to work with to hack your account.
Here’s a list of data you should definitely avoid including in your username:
- Date of birth.
- Address.
- Email address.
- Phone number/s.
- ID numbers or PINs.
- Social security number.
- Your hometown.
Remember, since usernames are public info, hackers have the same access to them as you do. If you include something like your home address in your username, a savvy hacker can use it to their advantage and possibly target you.
Hackers can also use any personal info you have in your username to answer security questions. These questions are safeguards placed in most online services that help authenticate your identity and allow you to retrieve or reset your password when needed.
To illustrate, let’s say your username is JohnDoeAug11. In this instance, a hacker can assume that “Aug11” is your date of birth. In theory, this means the hacker now has both your name and your birthday.
If you have an online account, that has a security question asking what your birthday is, they would now be able to unlock your account or login credentials without you knowing.
2. Don’t reuse usernames for other accounts
It’s worth emphasizing that you should avoid reusing usernames when creating a new account. Using a new, unique username every time you make a new account drastically reduces the likelihood of your accounts being hacked.
While this can be inconvenient, I do think the additional layer of security you provide your accounts with this practice is very much worth it.
In addition, I also discourage merely revising old usernames or slightly modifying them. Why so? Let’s take for example, having the username “techrepublic1.”
If we change it to something like “techrepublic2,” this still leaves you at great risk of being compromised since hackers can readily sift through different variations of your username when they try to acquire your credentials.
Steering clear of repeating used login details is the same practice recommended when creating a new password. If you’re curious about how to have a strong password, check out our How to Create a Secure Password guide.
3. Make it memorable for you but hard to guess for everyone else
Now that we’ve gone through some things not to do, let’s see how we can actually create a unique username from scratch. Since usernames can be anything under the sun, one way to do it is to use a combination of words that mean something to you and only you.
I strongly suggest mixing words or phrases that mean something to you but can be hard for anyone else to guess. Here are some ideas to think of when creating your unique username:
- Your hobbies or interests.
- Your characteristics or personality.
- Your favorite items.
- Old nicknames or pet names.
- Favorite movies, games, or TV shows.
Let’s say your favorite animal is a dolphin, and you’re quite fond of pizza. For you, maybe “pizzadolphin37” as a username is a good pick.
It’s also encouraged to add in random characters, like symbols or numbers, at your discretion. Just make sure you’re able to remember it well.
4. Ensure your username and password are unrelated
Another thing to remember is to ensure your username and password are two completely unrelated words. While this may seem obvious, having a username-password combo that connects somehow is a recipe for disaster.
Below is an example of login credentials that relate to each other:
- Username: RosesAreRed.
- Password: VioletsAreBlue.
Even if having related login details helps remember them, it’s important to acknowledge that both hackers and their tools have evolved. Such a combination would not be difficult to crack for hackers and threat actors, much less more experienced ones at that.
5. Use a random username generator
Finally, you can also use online username generators that will automatically create a username for you. Many of these username generators let you set specific parameters for your username, such as how many characters it has, what type of words are used if it’s random text or an actual phrase, and the like.
Below are some online username generators I’ve seen that provide a fair amount of options and settings you can tweak to get your desired username:
A handful of password managers also have username generators you can use, such as 1Password and Bitwarden. I’ll be listing these password managers, and more details about them are below to better understand which ones to go for.
6. Have a secure way to store them, such as via a password manager
As we’ve touched on them, password managers can be worthwhile investments in storing and securing unique usernames. Aside from storing passwords, password managers are also designed to automatically store all the usernames you use for each account. This means you won’t have to think about remembering all your usernames, as the password manager does for you.
Most modern password managers also include autofill capabilities, which removes the hassle of remembering the specific username and password for each account. With autofill, password managers will automatically populate the login form fields for you.
Password managers with username generators
If you’re interested in trying out a password manager service, here are three that I find are worth checking out.
Fortunately, all three password managers below offer a username generator either within the app or via their official website, so you’ll have no trouble creating a unique username with any of them.
| Bitwarden | 1Password | NordPass | |
|---|---|---|---|
| Star rating | 4.6 out 5 stars | 4.3 out of 5 stars | 4.6 out of 5 stars |
| Starting price | $0.83 per month | $2.99 per month | $1.69 per month |
| Username generator | Yes | Yes | Yes |
| Standout feature | Free version with unlimited password storage and unlimited devices | Polished and intuitive user interface with travel mode capabilities | Modern XChaCha20 encryption, refined UI, and flexible subscription options |
Bitwarden
If you’re looking for a fully free password manager, Bitwarden is one of the best. Its free plan provides unlimited password storage, which is a big plus considering other free password managers impose a cap on how many passwords can be stored. Bitwarden Free also enables access to an unlimited number of devices, letting you access your encrypted vault from any device. Privacy enthusiasts also appreciate Bitwarden for being open-source and having a strong portfolio of third-party audits.
To learn more, read our full Bitwarden review.
1Password
For users that prioritize having a streamlined user experience, I recommend 1Password. Its desktop application and browser extension both have polished designs, making it easy to manage numerous passwords and accounts. On the security side, 1Password employs a zero-knowledge approach, ensuring all your sensitive credentials are only accessible to you alone. 1Password accounts are also end-to-end encrypted and use AES-256 encryption, the gold standard encryption algorithm in the industry today.
To learn more, read our full 1Password review.
NordPass
If you’re a fan of NordVPN and looking for a companion password manager, NordPass should be on your radar. As Nord Security’s take on password management, NordPass takes a lot of cues from their popular VPN in providing a strong balance between having a clean UI without sacrificing overall security. It uses the “future-proof” XChaCha20 encryption algorithm; offers a refined and modern-looking desktop app; and provides a reasonable amount of multifactor authentication methods as well. I personally appreciate its subscription options, having both a free version and either an annual or two-year paid plan.
To learn more, read our full NordPass review.
