You know you should use random passwords. A lot of people don’t, though. So if you’re already on board this train, that’s fantastic. But you could be doing more and you probably should given how online security is evolving.
If you reuse the same username across all sites, someone can more easily try to hack your accounts. And if it’s your email address? Now they know what account to attack if they want to try to gain full control over your online life.
But if you start using random usernames (and email masks) in addition to random passwords, a hacker’s job becomes more difficult. For starters, you’ll neutralize attempts at credential stuffing—or checking to see if an account exists by initiating a password reset. And if you’re lucky enough to have never had your primary email address involved in a data breach or leak, it should be harder to guess, too.
Fortunately, upgrading your security to include random usernames is pretty easy if you’re already using a password manager. Whether the free one provided by Google or Apple, or an independent third-party service, you can track this info along with your unique passwords. Some password managers like ProtonPass can natively suggest email masks (aka email aliases) to cloak your email address if a site requires it for login.
Google Password Manager is simple, but it gets the job done.
PCWorld
(Ex: Your normal email address is emailaddy@randomdomain.com. An email mask would be something like e8xk3x@otherdomain.com, or duck-duck-goose@birds.com—any email sent to those addresses would get forwarded to your actual.)
This extra step sounds complicated, but implementing doesn’t have to be laborious. Start first with your most important accounts, like financial and medical services. Then spread outward. You can change your login ID whenever you next sign on.
Because data breaches and leaks have become so common, bad actors have much more information to use for their attacks—which is why carving out a little extra privacy for your online activities can boost your security. A hacker could still feed gobs of stolen data into AI tools to create more sophisticated scams and attacks faster or even target you more specifically, but you won’t be as immediately identifiable or predictable.
Of course, your random usernames and passwords are only as good as the passwords you use to safeguard them. Be sure you’ve locked down your password manager well. And just as important, don’t save the credentials for your primary email address in it, either.
