Username Security

A username is part of your account's security

A username should be an important part of our security, rather than leaving security to the password alone. A relatively complex username increases the security of our accounts much more than a generic username combined with a strong password.

Security advice for usernames

A general piece of security advice for usernames is not to include real data in them. Putting real data in public information is bad practice, and remember that usernames are usually public.

We therefore always advise you to use a diminutive, a pseudonym, the name of a pet or of a favorite superhero, though preferably not your own; if you do use your own, distort it in the username. And of course, do not include your real name.

Why increase username security?

Because account security relies on two parameters, and we should see them as two keys rather than one: the username and the password. Both keys must be known to access the system.

So the person, machine or bot that wants to gain access needs to know both keys: the username on the one hand and the password on the other.

If one of the two parameters, or keys, is weak, we will be decreasing the security of our account, at least to 50%.

For this reason, security should begin with the username itself and not only with the password.

Many of the methods used to hack into user accounts on any social network are based on brute force, i.e. an endless succession of attempts with different passwords until the correct one happens to be found.

This succession of attempts is made from several computers that work as robots, called bots, which greatly accelerates the process.

It is normal, for example, for a blog of some importance and traffic to suffer more than 1,000 brute-force attempts to access its administration panel in a single day. In other words, the traffic generated by brute-force attacks is enormous.

In many cases they default to the username "admin" or "root", which is very common in blogs and systems. Therefore, changing it to another username makes access attempts much more difficult.

This is where the username can, or rather should, also be part of the security equation, behaving like a second subkey. Let me explain.

Brute-force attacks know neither the username nor the password of a system or social network account, and therefore they try usernames that are common across systems, such as root, admin or generic dictionary names like john, beth, david, daniel, etc. For this reason you should avoid using your real name as it is on any social network.

At this point you may think that you will gain a lot of security by adding your year of birth to your username, and that this will be enough, for example beth85 or daniel2002 if you were born in 1985 or 2002 respectively. Well, it has been proven that many robots resort to adding years to usernames until they find the correct username/password.

So it's best to add another word to your username to make it almost impossible for brute-force bots to hack into your account.

This is what our username generator does: it adds an adjective to your name, which gives a large number of possible usernames. Together with a secure password of no fewer than 8 characters that combines uppercase, lowercase, numbers and some non-alphanumeric signs, such as exclamation marks, parentheses or brackets, this makes it very difficult to break our security by brute force.

The security of the password

It is basic that every user should have very strong passwords, with a different one for each online system he uses.

This holds even if you think you have nothing of value in your online accounts, and therefore think that nobody will be interested in stealing your access to them. The hacker does not make that assessment of your accounts' content: many launch automated processes that try to take over user accounts at random, regardless of the value of the data they contain.

A password is bad, or rather insecure, when it is easy to guess: because it resembles the user's own real name or username, because it contains a dictionary word, or because it is commonly used worldwide, like 1234.

Let's imagine we choose a password that is not 1234 but 2020, because we are in the year 2020. Brute force would first try the number 0, then 1, then 2, and so on until it reaches 2020, or in fact any other number, at which point the brute-force system would have found our password.

Do not think that 2,000, 10,000 or 1,000,000 access attempts are difficult or unlikely. I repeat: attacks are carried out in an organized way, from several points, using bots and launching many simultaneous requests so that the work is shared and the effort is constant, so it is a matter of days before they find a numeric or dictionary key.

For this reason our access key to any network should never be a simple sequence of numbers, contain only numbers, or consist of complete words or dictionary words, since brute-force attacks usually resort to this type of dictionary.

If we also combine a good key with a complex username, which does not correspond 100% to our name, which includes numbers other than our year of birth or the current year, we will achieve a combination that is difficult to break.
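The username advice and the password advice above can be turned into a registration-time check. The following is an added example, not code from this site or its username generator; the word lists are small constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample lists (assumption); a real check would load larger ones.
COMMON_USERNAMES = {"admin", "root", "john", "beth", "david", "daniel"}
DICTIONARY_WORDS = {"password", "dragon", "monkey", "summer", "welcome"}
COMMON_PASSWORDS = {"1234", "123456", "password", "qwerty"}

# A name followed by a two-digit or four-digit year, e.g. beth85, daniel2002.
NAME_PLUS_YEAR = re.compile(r"^([a-z]+)(?:\d{2}|(?:19|20)\d{2})$")


def audit_username(username):
    """Return the reasons a username is easy for a guessing bot to predict."""
    name = username.lower()
    findings = []
    if name in COMMON_USERNAMES:
        findings.append("common or default username")
    match = NAME_PLUS_YEAR.match(name)
    if match and match.group(1) in COMMON_USERNAMES:
        findings.append("common name with a year appended")
    return findings


def audit_password(password, username=""):
    """Return the rules from the text that a password breaks."""
    lowered = password.lower()
    findings = []
    if len(password) < 8:
        findings.append("shorter than 8 characters")
    if password.isdigit():
        findings.append("digits only")
    has_all_classes = (
        any(c.isupper() for c in password)
        and any(c.islower() for c in password)
        and any(c.isdigit() for c in password)
        and any(not c.isalnum() for c in password)
    )
    if not has_all_classes:
        findings.append("missing a character class")
    if lowered in COMMON_PASSWORDS:
        findings.append("commonly used password")
    if any(word in lowered for word in DICTIONARY_WORDS):
        findings.append("contains a dictionary word")
    if username and username.lower() in lowered:
        findings.append("contains the username")
    return findings
```

An empty list from both functions means the pair passed every rule listed in the text; it does not measure password strength beyond those rules.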

What is username cybersquatting?

So-called cybersquatting, in general terms, is when someone "takes" a digital space away from us or occupies it without using it.

By space we mean an internet domain, an e-mail address, a social network account or a web account of any kind.

Cybersquatting of user accounts would be the theft of a personal account: a hacker who knows your username finds your password, accesses your account by impersonating you and changes your password, so that from that moment on you can no longer access it. He could then ask you for a ransom in exchange for the new password, so that you could log in and change it to a new one.

Username cybersquatting without hacking the account is the most common case. It is as simple as that annoying moment when we go to register with our usual username on a new online system, be it a new social network, a forum, an online store or anything else, and we see that our username is already taken by someone else.

Sometimes we can even see that the holder of the username does not seem to use that social network or website, because the user profile shows no activity, which makes this practice of cybersquatting abusive.

Accounts created on services without any apparent use may seem unusual, but they are very common: when a new social network, a new communication app or simply a new website becomes fashionable, people rush to create their user accounts.

The problem is that the shortest, simplest or most attractive usernames are the ones that disappear first, especially those that refer to people's names, where for example if your name is "Dave Smith" you can be sure that you will probably never find the username "davesmith" free in almost any social network.

Claim an existing username

It is also important to know that you can hardly ever claim an account or a username, even if it is not in use and is therefore a clear case of cybersquatting.

Although, I must clarify, if you are a public and famous figure, on certain social networks, such as Instagram, you can report cybersquatting and you will probably get the username that popularly identifies you. But believe me, this works only for real celebrities and not for normal users.

In the past, some networks, like YouTube, had a sort of day-counting system and ended up releasing usernames where there was no activity for a long time, either in terms of new video uploads or viewing.

However, before the deletion YouTube sent an e-mail to the user warning that it would delete the account and free the username unless the user logged in. And of course, many inactive users, the cybersquatters, logged in just then and only then, and managed to extend their hold on that username for another period.

How to avoid the cybersquatter?

The only way to avoid cybersquatting is to practice it, that is to say, to try to be the first to occupy your username when a website or social network is becoming fashionable.

Even if you don't have time to publish on that network at the moment, maybe later on you will be able to.

I know that this practice that I recommend is not good at all, at least from an ethical and moral point of view, but believe me, if you don't do it, they will do it to you. Besides, we are not a website about ethics and morality on the net.