Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Forum Discussion
Solved
Do account usernames need to be as complicated as passwords?
I was recently reading about account security, and the author said using your name, email address or anything close to those items was not very smart these days. The author advised that you should go back and change those usernames to a combo of letters, numbers and symbols just like a password. Please advise.
@ 1P_Dave
That helps a lot. Thank you, Dave!
9 Replies
- 1P_Dave
Moderator
Hello jazzman! 👋
It looks like AJCxZ0 already provided a pretty good answer but I also wanted to add a few more points. Usernames aren't usually private in the same way that passwords are, for example there would be little point to you use a randomly generated username for this forum for additional security since your username can be seen by everyone.
My recommendation is that you ensure that you're using a strong and unique password, of the kind generated by 1Password, so that it's difficult to for anyone to guess that password. And even if that password is breached your other accounts won't be affected. You can also consider using passkeys for additional protection wherever they're supported.
That being said, it does make sense to use random usernames to protect your privacy. If you use the same username, or your email address, across several different services then that makes it easier for someone to track and correlate your activity in all of those places. It's why 1Password offers an integration with Fastmail's masked email feature so that you can generate a different email address for all of your accounts: Use 1Password to create and manage Masked Emails in Fastmail
-Dave
- 1P_Dave
Thanks for the ping! If a website offers a way to change the email address for your account then 1Password should offer to generate a masked email alias when you click into the "New email" field on the website. 1Password will then offer to update your existing login item for that website with the new masked email alias.
-Dave
Great answer. Thank you!
[Citation not needed, but would be welcome]
There are some cases in which treating both of the two strings of text as effective passwords makes sense and the process of logging in remains optimal when using a good password manager such as Bitwarden or Proton Pass.
While there are no strict criteria, this can be a good approach for services where the username is inconsequential and not revealed. For services such as this forum it's probably counterproductive.
I do this for some of my accounts and for services which I host.Given that leaked, breached, stolen, pwned, purloined, ... credentials are by far the greatest source of abused credentials and that brute force password guessing has become almost negligible for various reasons [Citation needed, but not provided], having a random or complex username is largely inconsequential, especially since many such breaches also include email addresses and other more valuable information.
To answer the question in the title: No, and not just because usernames tend to be more constrained than passwords.
