Most Internet users are well aware that they need to be hyper-vigilant to keep their passwords and personal information protected. They have heard the recommendations that they need to use a password not related to their name, address or pet’s name while including symbols, numbers and random capital letters.
However, the reality is the usernames they have created for email accounts, social media and other online services could be delivering all their private details into the hands of cyber criminals – no password needed.
While it might seem harmless to include a first name and the numbers from your street address in a username, cyber criminals can harvest those details to search for other private information that you may not know is publicly available on the Internet.
"Cyber criminals use a technique called Doxing, essentially combing the web for snippets of information about a person, to build a full profile they can use to execute crimes like identity theft, scams or other targeted attacks," says Shaun Murphy, CEO of PrivateGiant, a technology firm dedicated to restoring privacy to online communications for the individual and enterprises. "People do not realize that if they do something as benign as posting a comment on a public page with a username like CrazyShaunOrlando those two pieces of information are enough detail for a criminal to exploit. Within minutes they can find your home address, how much you purchased your home for, what high school you attended, where your kids go to school, the list goes on."
He says the following five common mistakes should be avoided when creating a username, and if you are currently accessing accounts with a username that is guilty of one of these errors you will want to change it as soon as possible.
1. Recycling One Username Across Accounts – just like recycling a password is a bad idea you should avoid using the same username to log into different online accounts as well. Having one common username across accounts just makes it easier for criminals to search for and find details about your life.
2. Including All or Part of Your Name – business professionals and students often use a variation of their full name as an email address, on social media and other online forums. While people might be able to easily search for and follow or friend you, you are also making it easier for criminals to do the same.
3. Revealing Details About Your Location – whether it is the city you reside in now or where you were born including a meaningful location in your username is never a good idea. Not only is it one more tool criminals can use to narrow their search for your personal details, it is also a common password security question.
4. Using Your Birthday or Other Meaningful Numbers – While a string of four to eight numbers might seem random a criminal will be able to use a birthday or street address to verify if the information they are accumulating is all for the same person.
5. Sharing a Username with an Email Address – linking a username with an email address can simplify a criminal’s search for your personal information. Using trial and error a criminal can add common email providers to your username, run a search and pull up your social media accounts and any other sites where you have used that email address to create a profile. Some email providers including Gmail, Outlook and Yahoo allow users to alter their email address into infinite number of disposable addresses.
For example if your email address is firstname.lastname@example.org and you want to sign up for a new deal website you can alter your email address just for that site by adding an identifier to it such as shauntips+FreeRunningStuff@gmail.com. This keeps your actual email address private and can help stop criminals from being able to track your online history simply by searching for one of your email addresses.