Skip to main content
August 7, 2025
Solved

Do account usernames need to be as complicated as passwords?

  • August 7, 2025
  • 5 replies
  • 155 views

I was recently reading about account security, and the author said using your name, email address or anything close to those items was not very smart these days. The author advised that you should go back and change those usernames to a combo of letters, numbers and symbols just like a password. Please advise.

Best answer by jazzman

@ 1P_Dave

That helps a lot. Thank you, Dave!

5 replies

AJCxZ0
August 7, 2025

[Citation not needed, but would be welcome]

There are some cases in which treating both of the two strings of text as effective passwords makes sense and the process of logging in remains optimal when using a good password manager such as Bitwarden or Proton Pass.
While there are no strict criteria, this can be a good approach for services where the username is inconsequential and not revealed. For services such as this forum it's probably counterproductive.
I do this for some of my accounts and for services which I host.

Given that leaked, breached, stolen, pwned, purloined, ... credentials are by far the greatest source of abused credentials and that brute force password guessing has become almost negligible for various reasons [Citation needed, but not provided], having a random or complex username is largely inconsequential, especially since many such breaches also include email addresses and other more valuable information.

To answer the question in the title: No, and not just because usernames tend to be more constrained than passwords.

jazzmanAuthor
August 8, 2025

Great answer. Thank you!

1P_Dave
1Password Employee
August 8, 2025

Hello @jazzman! 👋

It looks like AJCxZ0 already provided a pretty good answer but I also wanted to add a few more points. Usernames aren't usually private in the same way that passwords are, for example there would be little point to you use a randomly generated username for this forum for additional security since your username can be seen by everyone.

My recommendation is that you ensure that you're using a strong and unique password, of the kind generated by 1Password, so that it's difficult to for anyone to guess that password. And even if that password is breached your other accounts won't be affected. You can also consider using passkeys for additional protection wherever they're supported. 

That being said, it does make sense to use random usernames to protect your privacy. If you use the same username, or your email address, across several different services then that makes it easier for someone to track and correlate your activity in all of those places. It's why 1Password offers an integration with Fastmail's masked email feature so that you can generate a different email address for all of your accounts: Use 1Password to create and manage Masked Emails in Fastmail

-Dave

jazzmanAuthor
August 19, 2025

Hi @1P_Dave!

Thanks for your answer. Can you go back and create Masked Emails for existing accounts in 1Password?

1P_Dave
1Password Employee
August 19, 2025

@jazzman 

Thanks for the ping! If a website offers a way to change the email address for your account then 1Password should offer to generate a masked email alias when you click into the "New email" field on the website. 1Password will then offer to update your existing login item for that website with the new masked email alias. 

-Dave

jazzmanAuthorAnswer
August 23, 2025

@ 1P_Dave

That helps a lot. Thank you, Dave!

1P_Dave
1Password Employee
August 25, 2025

I'm happy to help! 

-Dave