Reusing Username Bad?

whosnext
whosnext
Community Member

Hello, this is my first post here. If using 1Password to generate passwords for Logins, how unsecure is it to reuse the same Username everywhere? If unsecure, any suggestions or methodologies for coming up with Usernames? Also, could 1Password generate Usernames?

Thanks,
John

Comments

  • RichardPayne
    RichardPayne
    Community Member

    I wouldn't imagine there's much that can be done about usernames since most sites these days need an email address. Unless you have a personal domain then managing a separate email account per login would be a nightmare.

  • khad
    khad
    1Password Alumni

    Good question, @whosnext‌! It certainly isn't bad, but it may provide little practical benefit, and may just end up making your life more difficult. For a more detailed discussion of the subject, you may wish to peruse:

    If we use strong passwords, what is the point to using strong user IDs?

    One tip that I know a lot of folks use is that if you are a Gmail user, you can use unique email address in the format of:

    yourusername+whateveryouwant@gmail.com
    

    So, for example, if your email address is example@gmail.com you can sign up for FancyWebSite using example+fancywebsite@gmail.com and the email will all make it to your regular inbox but you can set filters based on the full address. That way if someone leaks your email address to spammers you'll know who did it.

    The important part is to keep the secret (your password) secret. Usernames are used for identification not authentication. :)

  • RichardPayne
    RichardPayne
    Community Member

    The other consideration is that usernames are almost never encrypted in databases.

  • khad
    khad
    1Password Alumni

    The other consideration is that usernames are almost never encrypted in databases.

    Yep. Exactly. It isn't "secret" in pretty much any sense of the word.

  • whosnext
    whosnext
    Community Member

    Thanks for the comments. Thanks for the link, khad. I understand that Usernames are not as protected as Passwords. I was thinking along the lines of someone in that linked discussion- they (bad people) have a Username that is valid at many websites.

  • khad
    khad
    1Password Alumni

    Thanks for the comments. Thanks for the link, khad.

    Happy to help!

    …they (bad people) have a Username that is valid at many websites.

    Yep, but as Kerckhoffs' principle states, "A cryptosystem should be secure even if everything about the system, except the key, is public knowledge." In fact, in many cases your username is very public indeed (Twitter, this forum, etc.). The password is your protection. That's why it is important to use strong, unique passwords because it is not reasonable to assume that usernames will remain private or protected even in cases where they appear to be.

This discussion has been closed.