The first rule of User Name is: don’t use your name.
When it comes to security on the web, passwords get all the attention. And rightly so, but in our emphasis on strong passwords, we lose track of the user name. It too plays a role in the ability of hackers to get past our login screens.
Take the example of WordPress. For years, the default user name was admin and, to this day, hackers continue to try that just in case someone’s still using it, as this log from a security monitoring plugin shows. (And if you do still have a user named admin, here’s how to remove them right now!)
If a hacker knows your name – say, from your About Me page – and your name is your login user name, then they’ve got one half of your credentials. Of course if you have a strong password, knowing your user name does not help the hacker very much, but why give them any help at all?
And it’s simple enough to create a user name that’s not obvious, partly because you don’t have to be as careful as you do with the password. For example, if you’re an accountant and your birth year was 1964, then a user name like audit64 would be easy to remember, and much better than using your first initial and last name. As a password, this would be terrible, but it’s good enough to be a strong user name.
Emails As User Names
Many places online ask you to signup with an email address as the user name for your account. What’s the first rule of User Name? Don’t use your name. And in this case, that means, don’t use your regular email address.
Make up a forwarder address that goes to your main address and give this forwarder a name you’ll clearly recognize as your “registration email,” such as email@example.com. It also means you can filter messages with this address to separate them from your regular email.
Don’t Use the Same Username
Where security is particularly important, like financial sites/applications, create a unique user name or email forwarder for each one. Just like it’s not a good idea to use the same password – even a strong one – for multiple important sites, you should be changing your user name for each.
Hosting Account User Names
When you’re setting up a hosting account, tell them you’d like to choose the user name for the account. Most hosting companies will just automatically use the first seven or eight letters of your domain name. This is not requirement of the software that runs hosting accounts, it’s just the default behaviour and your host should be willing to set things up the way you want – if not, look elsewhere.