Beyond the Password: Be Wary of Your Username Too

Topping the syllabus for "How to Protect Your Privacy Online 101" is passwords, passwords, passwords. Make them unique, make them strong, hard-to-guess, never reuse one, the list for how to protect yourself from scams goes on and on. But while you're spending the day creating a password beyond "12345," what other, even more dangerous security risk are you letting slide by?

Topping the syllabus for “How to Protect Your Privacy Online 101” is passwords, passwords, passwords. Make them unique, make them strong, hard-to-guess, never reuse one, the list for how to protect yourself from scams goes on and on. But while you’re spending the day creating a password beyond “12345,” what other, even more dangerous security risk are you letting slide by?

According to new research, that risk is, in fact, the one you use everyday, the one that defines your online identity: your username.

And it’s a particular risk for social media users, who want to be pervasive online and want their friends and family to be able to find them easily, from Twitter to Facebook to Foursquare.

The new research, from the French National Institute of Computer Science, contends a single identity may not be such a good idea. They have found that by reusing usernames across multiple websites, social media users may be giving marketers and online scammers an easy way to profile and track them.

“We looked into the uniqueness of the usernames that people use online,” said lead researcher Daniele Perito. “We found that people tend to reuse the usernames a lot, and tend to choose extremely identifying usernames for their online activity, which can pose privacy risks.”

Those privacy risks, the study found, range from making it easier for advertisers and marketers to pull your digital identity from across the Internet into one place, to allowing multiple online profiles to be linked together by scammers for phishing or targeted spam campaigns.

Overall, using the same username allows advertisers and third-parties to create a more complete profile of you than one network could provide alone. And, of course, the more scammers know about you, the better they can tailor, and personalize, their attacks.

Perito and his team of French researchers collected more than 10 million usernames from sites like Google and eBay to calculate what they call “username probabilities.” According to their calculations, people with more uncommon and unusual username are more susceptible to profiling techniques, and the privacy risks exist even if you use just similar usernames across different sites.

So what can you do?

Up first, but largely beyond your control, is an area the French researchers are targeting: the privacy safeguards popular Web sites like Google, eBay and Facebook could implement to keep username information more private. Social media sites, in particular, more often than not display usernames publicly, allowing Daniele and his team, for example, to download 3.5 million usernames from Google, and 6.5 million from eBay.

You, the social media user, can start, however, by becoming more aware of the usernames you choose moving forward.

You can also use this tool created by the study’s researchers to analyze your own usernames. You type in your username, and the tool will tell you how easily the name can be used to identify you. Or, you can type in two usernames, and the software will tell you if it thinks they belong to the same person. You can also find the tool online by searching for “How unique are your usernames?”