Does using complicated usernames add anything to the security level?

In this excerpt from
Answercast #33, I look at the small benefit that a complicated username
could give to your security efforts and recommend that you put your energies
elsewhere.

]]>

Are complicated usernames more secure?

No. Not really.

The problem is that hackers usually aren’t trying to guess your username. Usually, that’s something they already have.

Usernames are commonly easily visible. They’re not obscured when you login to whatever service you’re using, and they are just not that hard to get.

Obvious guesses

Email addresses are a great example. If they don’t have a set of email addresses to work from, hackers or spammers may very well start with the obvious.

For example:

• Leo @ justaboutanything gets a lot of spam,

• Because they assume that everybody likes to have their first name as their email address.

• As a result, they have a long list of first names,

• And they start spamming email to those first names at just about any domain they can think of or they can find.

Obscured email username

So, of course, if you have a completely random set of characters as your email address, as your email username, you’re likely to get less spam.

But in all honesty, it’s not really worth to me.

Email addresses are things that really identify you to other people. They’re useful to be something simple like your name.

Banking username

In other cases, when you’re logging into a bank or when you’re logging into services where your username is, theoretically, something you and the service would see?

Yea, I suppose it could add a little bit of security.

But in reality, I just don’t see it as adding that much. I would much rather see the effort put into:

• Making sure you’ve got strong passwords

• And are following good practices for keeping yourself on the internet.