Tips & Advice

Why you shouldn’t reuse your username

Grace Macej 24 Jun 2021

Protect yourself from stalkerware and tech abuse

How anonymous are your usernames? Do you have more than one? Few people follow username best practices. If you’re like most people, your username is some version of your real name. Maybe it’s your first initial and your last name, or maybe it has your birthdate added to it. How much are you exposing yourself to the risk of being hacked or cyber stalked?

Let’s use jdough0385 as an example. 

Now, jdough0385 has the same username across every one of his apps and social media accounts. Let’s say one of the dozens of social media apps he’s set up over the course of his lifetime gets breached. His username is leaked. A hacker sees his username and decides it has enough information to start building a profile of jdough0385. The first thing the hacker might do is check to see if the username is the first half of an email address. He’s right: jdough0385@email.com. The hacker then runs a series of low-security passwords like ‘123456’ and ‘password.’ When the hacker gains access to jdough0385’s email, he locks him out and takes over his identity. The hacker also guesses that 0385 is short for March, 1985. Now he only needs 31 guesses to find the rest of the birthdate and start gaining even more recovery data, more account access, and eventually control of jdough0385’s financials. This sounds like a worst-case scenario, but it happens more often than you’d think. 

Now, let’s imagine that instead of being interested in money, jdough0385’s hacker was an abusive partner interested in controlling his physical and digital movement by abusing stalkerware. 

What’s stalkerware?

You’d think it’s a malicious app used to hunt people down, but most of the time, stalkerware comes in the form of apps to help people find their lost phones, keep kids accountable to their curfews, and meet up with friends. Apps with user tracking can also access photos, videos, instant messages, and even social media accounts. 

When you have the same username across your email and other apps like your electric car’s key app, or your Instagram account, it’s easier for a stalker to decipher your credentials and log into the same apps and services on their phone. Now, they’re able to see where you are at all times. 

If you’re leaving an abusive relationship, follow these tips to start securing your technology. If you have the same username for all your accounts, use these tips to change your usernames:

  1. Create usernames that are easy for you to remember, but hard for others to guess.

  2. Use numbers, special characters, and a mix of uppercase and lowercase letters.

  3. Avoid using unique information like your birthdate, social security number, or other IDs.

  4. Use something other than your real name as your username.

  5. Avoid using part of your email address as your username.

  6. Use different usernames for different accounts.


Further reading:
Discussing 4 misconceptions about tech abuse — and how to combat them
How to spot the signs of stalkerware on your phone