Why Strong Usernames Are as Important as Strong Passwords

Most of us recognize the importance of strong passwords. Weak passwords make it easy for hackers to take over user accounts and gain unauthorized access to systems and networks. Today’s computing power enables hackers to crack short, easy-to-guess passwords in a matter of seconds. You might as well have no password at all.

Less attention is given to usernames. Prompted to create a username, most people will come up with something simple, such as their email address or first and last name and date of birth. As with weak passwords, this is virtually inviting a security breach.

Think of your username and password as two sides of the same coin. They work together to secure your account. If one of them is weak, it will be that much easier for a hacker to break in. A chain is only as strong as its weakest link.

The same principles apply when it comes to creating strong usernames as passwords. Follow these tips for choosing a username that is hard to guess:

  • Avoid personal information. Do not use your name, birth date, address, phone number or other personal information. Personal information not only weakens your username but puts your privacy at risk. 

  • Make it long. Make your username as long as the system or application allows, aiming for at least 10 characters. Long usernames and passwords are much more difficult to crack.

  • Use a mix of characters. Include upper and lowercase letters, numbers, and special characters if the system allows. As with length, more types of characters mean more possible combinations, making it harder to crack.

  • Do not mirror your password. Keep your username and password distinct. If your username and password are the same or similar, you have made it that much easier for a hacker to crack them.

  • Make it unique. Use different usernames for different accounts. Hackers often use usernames and passwords stolen in data breaches for brute force attacks. 

  • Avoid the obvious. Do not use easy-to-guess words or phrases such as “password,” “login,” or “admin.” That is the first thing hackers will try in a brute force attack.

  • Change default usernames. Some devices come with default usernames that are well-known and easy to guess. Change them to something stronger. 

BlogJack CohlmiaUsernames, Business Security, Cybersecurity