Reusing Username Bad?

Hello, this is my first post here. If using 1Password to generate passwords for Logins, how unsecure is it to reuse the same Username everywhere? If unsecure, any suggestions or methodologies for coming up with Usernames? Also, could 1Password generate Usernames?

Thanks,
John

Comments

  • I wouldn't imagine there's much that can be done about usernames since most sites these days need an email address. Unless you have a personal domain then managing a separate email account per login would be a nightmare.

  • khadkhad Social Choreographer

    Team Member

    Good question, @whosnext‌! It certainly isn't bad, but it may provide little practical benefit, and may just end up making your life more difficult. For a more detailed discussion of the subject, you may wish to peruse:

    If we use strong passwords, what is the point to using strong user IDs?

    One tip that I know a lot of folks use is that if you are a Gmail user, you can use unique email address in the format of:

    [email protected]
    

    So, for example, if your email address is [email protected] you can sign up for FancyWebSite using [email protected] and the email will all make it to your regular inbox but you can set filters based on the full address. That way if someone leaks your email address to spammers you'll know who did it.

    The important part is to keep the secret (your password) secret. Usernames are used for identification not authentication. :)

  • The other consideration is that usernames are almost never encrypted in databases.

  • khadkhad Social Choreographer

    Team Member

    The other consideration is that usernames are almost never encrypted in databases.

    Yep. Exactly. It isn't "secret" in pretty much any sense of the word.

  • Thanks for the comments. Thanks for the link, khad. I understand that Usernames are not as protected as Passwords. I was thinking along the lines of someone in that linked discussion- they (bad people) have a Username that is valid at many websites.

  • khadkhad Social Choreographer

    Team Member

    Thanks for the comments. Thanks for the link, khad.

    Happy to help!

    …they (bad people) have a Username that is valid at many websites.

    Yep, but as Kerckhoffs' principle states, "A cryptosystem should be secure even if everything about the system, except the key, is public knowledge." In fact, in many cases your username is very public indeed (Twitter, this forum, etc.). The password is your protection. That's why it is important to use strong, unique passwords because it is not reasonable to assume that usernames will remain private or protected even in cases where they appear to be.

This discussion has been closed.