Get Rid of these Usernames, Once and For All – Ultimate List of baddie usernames

Facebook Twitter LinkedIn Pocket Email

Last Updated:

Facebook Twitter LinkedIn Pocket Email

Bad Usernames and Security

When we talk about security all the attention goes to the password and the password is the ultimate show-stopper when compared to the username.

And password strength is a measure of the effectiveness of a password in resisting guessing and brute-force attacks and is a function of length, complexity, and unpredictability.

A simple common username allows the job of cyber criminals easy when they try to break-in to your system whether it’s a CMS or your intranet. Last year, the username admin was targeted by cyber criminals in the large scale bruteforce WordPress attacks.

[ctt]A good uncommon username is the most trusted brethren of an awesome password.[/ctt]

The Baddie Username List

Since we cannot categorize usernames based on strength but only on the factor of acquaintance, we’ve listed the frequently used username(s) below.

Don’t stop scrolling, the list is too long 🙂

  1. 111111
  2. 123456
  3. 12345678
  4. abc123
  5. abramov
  6. account
  7. accounting
  8. ad
  9. adm
  10. admin
  11. administrator
  12. adver
  13. advert
  14. advertising
  15. afanasev
  16. agafonov
  17. agata
  18. aksenov
  19. aleksander
  20. aleksandrov
  21. alekse
  22. alenka
  23. alexe
  24. alexeev
  25. alla
  26. anatol
  27. andre
  28. andreev
  29. andrey
  30. anna
  31. anya
  32. ao
  33. aozt
  34. arhipov
  35. art
  36. avdeev
  37. avto
  38. bank
  39. baranov
  40. Baseball
  41. belousov
  42. bill
  43. billing
  44. blinov
  45. bobrov
  46. bogdanov
  47. buh
  48. buhg
  49. buhgalter
  50. buhgalteria
  51. business
  52. bux
  53. catchthismail
  54. company
  55. contact
  56. contactus
  57. corp
  58. design
  59. dir
  60. director
  61. direktor
  62. dragon
  63. economist
  64. edu
  65. email
  66. er
  67. expert
  68. export
  69. fabrika
  70. fin
  71. finance
  72. ftp
  73. glavbuh
  74. glavbux
  75. glbuh
  76. helloitmenice
  77. help
  78. holding
  79. home
  80. hr
  81. iamjustsendingthisleter
  82. info
  83. ingthisleter
  84. job
  85. john
  86. kadry
  87. letmein
  88. mail
  89. manager
  90. marketing
  91. marketing
  92. mike
  93. mogggnomgon
  94. monkey
  95. moscow
  96. mysql
  97. office
  98. ok
  99. oracle
  100. password
  101. personal
  102. petgord34truew
  103. post
  104. postmaster
  105. pr
  106. qwerty
  107. rbury
  108. reklama
  109. root
  110. root
  111. sale
  112. sales
  113. secretar
  114. sekretar
  115. support
  116. test
  117. testing
  118. thisisjusttestletter
  119. trade
  120. uploader
  121. user
  122. webmaster
  123. www-data

The above list is incomplete, there may be hundreds that I forgot to include, if then please don’t forget to tell us via comments. Thanks in advance.

Do you know? 

The username admin is one of the most popular and commonly used usernames for the custom coded web apps.

How will a weak username affect me?

A weak or a commonly used username is more prone to dictionary attacks than an uncommon one.

Also the situation is worse for poorly coded custom web applications than other web services like GMail because the developer or your system administrator might have forgot to implement any anti-brute-forcing mechanisms.

Services like Gmail have their own security measures to safeguard against bruteforce attempts like showing a CAPTCHA after a few unsuccessful login attempts and other highly advanced application level and server level security measures.


Just for fun!

Here are some easy alternatives to tickle your creativity if your are looking for weird or funny usernames.

funny username genarators

Note: Some of them generates NSFW usernames 😳

Seventh Sanctum – Evil Name Generator

The Extremely Bad Name Generator

Funny Mean Names

Random username generator

What you must do ?

It’s not all recommended to use any of the above username(s) as your username for your CMS/CRMs/e-commerce systems etc. especially if it’s self hosted by you in your hosting account or dedicated server blah, blah…

If possible try to change the username via the backend database or better try to avoid them in the future. If you lack the technical expertise to change it via the backend database, seek the help of professionals.

I’m not saying that you should change your web-mail or social media account’s username now. But in the future, take care not to use the above ones when creating new accounts in any online services.

Most of the online services will not allow you to choose usernames like root, admin but don’t take any chances; just because a lazy developer has forgot to put the check in place and stay away from the above mentioned usernames.

Also the current trend with online services is to substitute username with email and most of the online services now uses your registered email for login than an username.

(There are other tech methods to take care of dictionary attacks and to safeguard yourself, but it’s outside the scope of this article.)

You will like...

Meet the Author
Mithun John Jacob

I'm the founder of MotiveSense; My mission is to make small and medium-sized business more web savvy and also to guide them to leverage their existing resources to focus on sustainable growth rather than quick wins. Personally, I'm a lazy blogger, a reasonable developer, a rookie philosopher, a Hollywood devotee, a motoring enthusiast and a voracious technocrat.


I found your post really helpful.
Thanks for your such a post.


You are welcome, Gaurav


It's your turn, join the talk...

Your email address will not be published. Required fields are marked *