A username identifies you on a website or server that manages secure user accounts. What this username is, however, is up to your discretion and the constraints of the system your account resides in. More importantly, understanding what usernames are and how they're stored can give you an idea of why it's important to maintain good, secure username practices. Typically, you worry about keeping only passwords secure, but it's also worth looking at your username choices.
Usernames and Email Addresses
A username is simply the identifying string of characters used by a Web server to identify users with accounts on the server. The specifics of how a username works depends on the server and the type of applications used on the server, but in general a username consists of ASCII code, which represents Roman alphabet letters, numbers, punctuation, symbols and in some cases space characters such as the white space or tab characters. In this scope, an email address can function as a username, although it doesn't have to.
When a server enables user accounts, it typically stores them on the server in a database. Within the database, the username will exist alongside a password you create for authentication purposes. For example, within a server database may exist a table that contains usernames and corresponding passwords. If you use your email address as your username, the server will look up your email address in the database when you try to log in and find the corresponding password. Then, when you enter the password, the server will allow access only if what you entered matches what's in the database.
One problem with storing usernames in databases is that it's very secure without some added measures. Anyone who breaks into the database will have access to all the username and password combinations. So databases will often "hash" password information. This means that when you create your account, the database runs your created password through a hash function that processes the password string and produces another value. The server saves this hash value as your password in the database. This process is not reversible: A hacker can't figure out your password from the hash value. When you log in, your password is hashed and compared to the hash value in the database, providing the same authentication result without storing plain passwords that hackers can read on the server.
Secure Username Practices
So, while your username isn't necessarily your password, it can be. For certain services, like your email, your email address will most likely be your username. However, it's not necessarily the best practice to use your email for all of your accounts. If a hacker breaks into one account and determines your password, he can find your email address and try that password on it as well or any other account you might have that also uses your email address as a username. One possible way to avoid this is to use different usernames across different services, and use only services that encrypt or hash password information.
- Jupiterimages/Creatas/Getty Images