Hey there!

So, I've one question about privacy/security. It's not related to Ubuntu/Linux, but this is the best forum I could think of to place this. Please let me know if this goes against the rules. Also, if there's been a discussion about this already, here or anywhere else, I'd love if you pm'ed me the link.

As the title asks: Is it bad pratice to use the same username/email in different sites/forums?

I'm more interested in knowing about "same email" bit.


EDIT: "username/email" should be read as "username OR email", not the duo "username/email".

EDIT2: To admins, if you think this is better suited for the "Secutiry" forums, please move :P

Using the same username/password combination on multiple sites of any kind is generally considered a risk. Why? Because if your credentials are stolen at one site, the thieves will be able to access all your other accounts that use the same credentials. Like your bank, credit cards, etc.

Password managers are a popular approach to this issue.

At the least, use unique passwords for any bank, credit card, or other financial site, or any other situation where you don't want to put anything at risk. Then, if the credentials you use elsewhere are stolen, spam is likely the worse that can happen.

Buzzingrobot, I know about using the same password in different sites. However, I'm interested in hearing about using the same username/email (username or email, but different passwords).

Basically, you've site A and site B:

Use the same e-mail in site A and B but different usernames and passwords. (More interested in this one!)

Use the same username in site A and B but different e-mails and passwords.

Use the same username and email in site A and B but different passwords.

What is "bad practice?" It all depends on what you wish to avoid happening to you. We are required to give a username, a password and an email address. It sounds reasonable to me.

Some would say we should give different versions to each site. You must be wondering about that otherwise you would not have asked this question. But what do they/you want to avoid? Is there a risk of what you fear happening? How great is that risk? Answer those questions and then you can move on to working out "good" and "bad" practices. I may even change my practices.

Regards.

What is "bad practice?" It all depends on what you wish to avoid happening to you. We are required to give a username, a password and an email address. It sounds reasonable to me.

Some would say we should give different versions to each site. You must be wondering about that otherwise you would not have asked this question. But what do they/you want to avoid? Is there a risk of what you fear happening? How great is that risk? Answer those questions and then you can move on to working out "good" and "bad" practices. I may even change my practices.

Regards.

When I say "bad practice" I'm referring to internet privacy/security.

Let's say you're a member of two sites, very distinct sites, and you don't your info on one the sites (forum posts, for example) being tied to the info on the other. This is obviously to avoid being identified as being the same person in both sites, which would help identify you in real life or just build a better profile of you.

If you use the same username in two different sites, it's pretty easy to do a search and find more info about you. If you use different usernames but keep the same e-mail, then it's not as easy, I'd say. E-mail is not normally public, so it would be needed a DB breach to make it so.

Now, the question would be:

- Do hacks happen often enough (revealing the same e-mail address on different sites, making it the same person on both these sites) to be bad practice the use of the same e-mail?

Personally I use the same user name on lots of sites because I want people to recognise it's me. This is particularly important where sites are related.

For example I can be found here, on AskUbuntu, on Ubuntu Discourse in the Ubuntu IRC channels and on Launchpad. Because all these are Ubuntu support I feel I should have the same name and where possible avatar on all of them. I do use a password manager and have different passwords though.

If a site is totally unrelated, and you want to keep some anonymity you may want to have a different screen name on other sites, but keep separate passwords so if one site is compromised nobody can take over your other accounts.

Personally I use the same user name on lots of sites because I want people to recognise it's me. This is particularly important where sites are related.

For example I can be found here, on AskUbuntu, on Ubuntu Discourse in the Ubuntu IRC channels and on Launchpad. Because all these are Ubuntu support I feel I should have the same name and where possible avatar on all of them. I do use a password manager and have different passwords though.

If a site is totally unrelated, and you want to keep some anonymity you may want to have a different screen name on other sites, but keep separate passwords so if one site is compromised nobody can take over your other accounts.

Yes, I agree. But what about the e-mail tied to said accounts?

Yes, I agree. But what about the e-mail tied to said accounts?

Different usernames with one email address on forums and such? Then, if one account is compromised and if those other usernames can be linked with that email address, then all those accounts would be compromised. How likely? I don't know.

What's the risk? Spam, and, potentially, someone impersonating you on forums.

A relatively recent trend in internet services nowadays is the discouragement to use false aliases... so for example google and facebook want you to use your real name (as a matter of fact you are required to, according to their terms of use). For web forums etc, it depends on how you want to cultivate your web persona... If it makes sense to use the same name across different forums / sites then that could make it easier for someone to recognize you.

Examples of sites where you may want to be more private are on your bank website, your personal email contact, etc.

I have same user name in a lot of cases but use a password manager to create a unique password up to the maximum length allowed on each site. As for email addresses, I rarely give my real, everyday email address out. Banks, credit cards and the like get a "real" email address that I actively monitor, but I have a yahoo address I use for site registrations almost exclusively. They can deal with the spam, and I can always look if I have a password reset.

Quite often a site will ask you for an email address as part of the registration process, so it can send you a "confirm" email that you respond to, "confirming" that you are you (and not a bot or spammer or something nefarious).

Browsers often have extensions available that will produce a temporary email address, linked to your real address, so you can click on the "confirm" link in the email they send you, and the site (and any evil onlookers) will not realise that in fact the email address you supplied isn't really yours. I think for Chrome/Chromium the extension is called DoNotTrackMe (it does other useful stuff too, like stopping sites from seeing your browsing history - some sites are surprisingly nosey, including some that claim to be all for freedom and blah...).

In a more general, slightly less paranoid level, I have a few email accounts: a few gmail, a few yahoo, and one on a server run by a hacker I "trust". I use a select few for financial stuff (ebay, paypal...), different ones for friends, "friends" and acquaintances, and the one I trust most of all is known only by real-life offline friends. I don't bank online; but if I did, I'd try and get another "trustworthy" account. Maybe even run my own email server especially for it. But now I'm veering towards clinical paranoia again (or am I?)

I once faced a funny situation because I used the same username in two aquarium related forums.

On forum A someone suggested that I should return some of my fishes to the store coz according to him I was overstocking.

On forum B I was using the same username and that guy recognized me and when he found that I haven't returned the fishes, he asked me "So you didn't believe me ?"

Personally I use the same user name on lots of sites because I want people to recognise it's me. This is particularly important where sites are related.

For example I can be found here, on AskUbuntu, on Ubuntu Discourse in the Ubuntu IRC channels and on Launchpad. Because all these are Ubuntu support I feel I should have the same name and where possible avatar on all of them. I do use a password manager and have different passwords though.

If a site is totally unrelated, and you want to keep some anonymity you may want to have a different screen name on other sites, but keep separate passwords so if one site is compromised nobody can take over your other accounts.

Same here.. I am using my same username (not same password, naturally) in Ubuntu, Fedora, openSUSE, Kubuntu, Zentyal, Chrome OS Lounge and Xfce Forums. I've even gone from using the same skull picture with some slight change for the specific forum to using coffee mugs.

I do this so I am recognizable and have run across a number of people in multiple forums.

Of course, for my Microsoft (MSDN, Channel9, Windows blog, etc.) and more professionally-orientated sites I have another alter-ego I use but similar deal.

Now porn, or questionable, sites I'll use something COMPLETELY unrelated as my username and not add an avatar or put any information to correlate with me. ;)

Quite often a site will ask you for an email address as part of the registration process, so it can send you a "confirm" email that you respond to, "confirming" that you are you (and not a bot or spammer or something nefarious).

While Microsoft is not the most trusted company, Outlook.com makes it easy to create alias email accounts that all funnel into one account/interface.

So you could, say, set up and account doofusatUBUNTUFORUMS@outlook.com for just Ubuntu forums, and one at doofusatFEDORAFORUMS@outlook.com for Fedora forums, etc. Any number of accounts with different usernames but only only need to go into one Outlook.com account to see any of the emails.

There is even a handy feature to automatically have emails to that account be placed in its own folder (labeled with the email account) making it easy to keep track of where it is from and all. Combined with auto-cleansing that will delete messages older than 10 days, for example, and your account can be kept pretty clean.

Of course this would be way too logical for me to actually do this, but hey! it's an idea.

Password managers are a popular approach to this issue. Unless it's a piece of paper you keep secured in your house, a password manager is a security risk unto itself. If it gets breached, they get it all, and know exactly where to go.

What is "bad practice?" It all depends on what you wish to avoid happening to you. No one wants to get stalked, harassed, impersonated, looted, kidnapped and beheaded, imprisoned without trial, or drone-bombed.

Personally I use the same user name on lots of sites because I want people to recognise it's me. Most people do not have the technical skill to afford this level of vanity. I do not think you can recommend it to the average user who doesn't know how to patch this gaping security breach.

Let's say you're a member of two sites, very distinct sites, and you don't your info on one the sites (forum posts, for example) being tied to the info on the other. This is obviously to avoid being identified as being the same person in both sites, which would help identify you in real life or just build a better profile of you.

If you use the same username in two different sites, it's pretty easy to do a search and find more info about you. If you use different usernames but keep the same e-mail, then it's not as easy, I'd say. E-mail is not normally public, so it would be needed a DB breach to make it so.You just answered your own question. There are a multitude of ways for someone interested enough to find where you used the same email address to create logins.

It's simple: if you want your activity on one site to remain permanently separate from any other site, then use unique email, username, and passwords for each site. The harder part is to keep track of all your accounts and to avoid any crossover. If we're talking maximum paranoia levels, then you'd even use different proxies for each account so no part could be tied to you.

@t0p - interesting. I hadn't heard of the browser extensions like that. Although with those you're trusting the add-on author and the browser (and Google if it's Chrome). That's a lot of trust for a lot of parties if your paranoia level goes to 11.

well yes - think things through, and create reasonable precautions and think up smart ideas, in case something does happen. i won't suggest any ideas, because i think it's better everyone does things differently - simply for security sakes

While Microsoft is not the most trusted company, Outlook.com makes it easy to create alias email accounts that all funnel into one account/interface.


Yahoo do this too, but I wouldn't trust them any more than Microsoft. Gmx.com do make it pretty simple to set up and integrate multiple addresses.

Personally I don't bother, I have one email address for everything. I have a couple of different aliases spread across all the sites I'm registered on, but not due to any security/privacy worries, it's just leftovers from past whims. My email address has been in continuous use for long enough that I don't consider it privileged information, hundreds (maybe thousands?) of people and companies must have it.

Yahoo do this too, but I wouldn't trust them any more than Microsoft.

I trust Yahoo! even less than Microsoft, currently.

A number of people who have been getting their account taken over and spamming everybody in their address book seems to be connected to Yahoo (directly or through SBCGlobal).

I started using Outlook.com in the beginning so I could have an email account that looked better than MyBigFatEmail@gmail.com on my resume! ;)