You may take all the right steps to create and maintain secure passwords for your online accounts. But what about your username? If you’re like most people, you likely use your first or full name as your username across various websites. But that strategy can leave you vulnerable to compromise, according to a new report from password manager NordPass.
In a blog post published Tuesday, NordPass revealed the top 200 most popular usernames based on research from a white hat hacker. The most common username was ยศกร, which means “title” in Thai. In second place was David, followed by Alex, Maria, Anna, Marco, Antonio, Daniel, and then Andrea, all of them actual people’s names. The remaining selections of the top 200 were all first names used in different countries around the world.
The point behind the research was to show the tendency to use real names as a username, a maneuver that can lead to trouble. When a hacker targets data during a breach, they look for any kind of information they can easily capture, including usernames. The more common or obvious a username, the more easily it can be obtained.
As one example, Snapchat was hit by a data breach in 2014 in which the attackers downloaded 4.6 million usernames and phone numbers. Because many people used their own names or surnames as their usernames, they were easy for the hackers to identify. Further, cybercriminals who learn your username and phone number can launch social engineering attacks with messages such as: “You’re receiving this SMS from Snapchat, and we need you to verify your password for account johnsmith.”
Some websites have introduced tighter security policies around usernames. In some cases, sites will now determine if your username is unique. If not, the site won’t let you register or set up an account.
How can you choose a more secure username? NordPass security expert Chad Hammond offers the following tips:
- Don’t just use your name as a username.
- Avoid using the beginning of your email address as your username.
- Your username should be simple enough to remember but hard to guess.
- Never use easy-to-guess numbers with your usernames (for example, address or date of birth).
- Don’t use your Social Security number or ID number as your username.
- If you’re struggling, try an online username generator.
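A signup form could apply the first five tips automatically. The sketch below is an added example, not code from NordPass or this article; the function name `username_findings`, the finding labels, and the sample profile are all hypothetical.

```python
import re
from datetime import date

def _norm(s):
    """Lowercase and keep only letters and digits: 'John.Smith_84' -> 'johnsmith84'."""
    return re.sub(r"[^a-z0-9]", "", s.lower())

def _date_fragments(d):
    """Digit strings commonly derived from a birth date (year, day/month orders)."""
    y, yy = f"{d.year}", f"{d.year % 100:02d}"
    m, dd = f"{d.month:02d}", f"{d.day:02d}"
    return {y, yy, m + dd, dd + m, dd + m + yy, m + dd + yy,
            dd + m + y, m + dd + y, y + m + dd}

def username_findings(username, first, last, email, birth_date,
                      street_number=None, id_number=None):
    """Return the tips a proposed username violates (empty list = none)."""
    u = _norm(username)
    letters = re.sub(r"\d", "", u)           # username with digits stripped
    digit_runs = set(re.findall(r"\d+", u))  # each block of consecutive digits
    findings = []

    f, l = _norm(first), _norm(last)
    # Name alone, or name plus digits (e.g. 'johnsmith84', 'jsmith').
    if letters and letters in {f, l, f + l, l + f, f[:1] + l}:
        findings.append("name")
    # Same as the part of the email address before the '@'.
    if u and u == _norm(email.split("@", 1)[0]):
        findings.append("email-local-part")
    if digit_runs & _date_fragments(birth_date):
        findings.append("birth-date")
    if street_number and _norm(street_number) in digit_runs:
        findings.append("address-number")
    if id_number and _norm(id_number) in u:
        findings.append("id-number")
    return findings

# Constructed sample profile; every value here is made up.
PROFILE = dict(first="John", last="Smith", email="jsmith84@example.com",
               birth_date=date(1984, 3, 12), street_number="42",
               id_number="123-45-6789")

if __name__ == "__main__":
    for candidate in ("johnsmith", "jsmith84", "quiet-heron-1203", "copperlantern7"):
        print(candidate, username_findings(candidate, **PROFILE))
```

An empty result only means none of these particular patterns matched; it does not check whether the username is already taken or appears in a common-username list.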