Hey, howdy, hallo,
I think it’s pretty common knowledge at this point to use different passwords for each online account (or maybe it’s not). That way, if the service is compromised and your password is leaked, an attacker can’t use your password to gain access to other sites you might have accounts on. But what about sites that use your email as your username? I’ll admit, I just started doing this ~9 months ago, but it’s been great. Let’s talk about using individual emails for each service.
It is an extra step or two, there’s no denying that. It’s similar to how using a unique password for each service leads to relying on something like Bitwarden as a password manager: you’ll need something to manage your individual, unique email aliases. I use SimpleLogin because it’s included with my paid ProtonMail plan. There are some other services out there like addy.io and Firefox Relay, but I’ve only used SimpleLogin.
The next time you sign up for an account, instead of putting in your regular email address, you use one of these services to generate a unique email alias specifically for that service. Now you have a unique email and password combination. When an email is sent to that unique alias, it’s forwarded to your main email, so you still get all your messages in one spot. Let’s say the service you just signed up for is compromised: all that’s exposed is that unique email alias/password combination.
Even if a malicious actor tries that combination on another service you might use, an account with that email doesn’t even exist. This greatly limits your exposure. Additionally, you might even find the service is compromised before they tell you. If you start getting strange spam/emails to that email alias, it’s likely the service was compromised and malicious actors have sold that email list.
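Here is one way to automate that "strange email to an alias" check. This is an added example, not part of the original newsletter or any service's own code. The alias addresses, domains and sample messages are all made up, and it assumes the alias is still visible in the To/Cc header and the original sender in the From header of the forwarded message (forwarding services may rewrite these).

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed alias -> expected sender domains (all names are made up).
EXPECTED = {
    "shop.k3x9@alias.example": {"shop.example"},
    "forum.p7q2@alias.example": {"forum.example"},
}

def sender_domain(msg):
    """Lower-cased domain of the From address ('' if the header is missing)."""
    addr = parseaddr(msg.get("From", ""))[1]
    return addr.rpartition("@")[2].lower()

def matches(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def unexpected_mail(raw_messages, expected=EXPECTED):
    """Return (alias, sender_domain, subject) for mail sent to a known alias
    by a domain other than the service that alias was created for."""
    findings = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
        domain = sender_domain(msg)
        for _, rcpt in rcpts:
            allowed = expected.get(rcpt.lower())
            if allowed is not None and not matches(domain, allowed):
                findings.append((rcpt.lower(), domain, msg.get("Subject", "")))
    return findings

# Constructed sample messages: two legitimate, two from unrelated senders.
SAMPLES = [
    "From: Shop <orders@mail.shop.example>\nTo: shop.k3x9@alias.example\nSubject: Your receipt\n\nThanks!",
    "From: Prizes <win@bulk-offers.example>\nTo: shop.k3x9@alias.example\nSubject: You won\n\nClick",
    "From: Forum <noreply@forum.example>\nTo: forum.p7q2@alias.example\nSubject: New reply\n\nHi",
    "From: x <a@notshop.example>\nTo: Shop.K3X9@alias.example\nSubject: Invoice\n\n",
]

if __name__ == "__main__":
    for alias, domain, subject in unexpected_mail(SAMPLES):
        print(f"{alias}: unexpected sender {domain!r} ({subject})")
```

A hit doesn't prove a breach on its own (services also send through third-party mailers), but repeated hits on one alias tell you exactly which signup the address leaked from.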
These services typically use shared domains to generate these random emails. That means you and others will be using these domains. While it’s not inherently bad, it means you don’t own the domain. So if, for some reason, you lose access to the service, you lose access to those aliases. If you don’t use a custom domain for your email as it is, then this is no different than Gmail or another provider locking you out of your account. It also means you’re more “locked in” to the service. In my case, with SimpleLogin, if I want to move away from ProtonMail, I would need to also migrate all my aliases to another provider. So that’s something to keep in mind.
I’ve also seen that some sites completely block you from signing up with these shared domain email aliases.
I also don’t use aliases for my important accounts (aka finance-related), specifically for the reason I mentioned above. For those services, I want to use an email where I own the domain. It’s also worth noting that for most of these services, you can add a custom domain (one that you own) to use with them.
Of course, there are a bunch of other edge cases, but I would rather not turn this email into a book. The main point is to mention these services exist and if you’re interested, check them out. I think they can be a valuable asset.
I hope you had a great September, and I’ll see you in October.
-Josh
Abandoned places fascinate me. This site has some amazing photos of an abandoned theme park in New Orleans.
🎧 SQL Slammer - Hear about how the tiny 376-byte worm caused massive internet disruptions worldwide in 2003.
🎧 Code Red - From defaced websites to failed DDoS attacks, and the eventual rise of the dangerous Code Red II, learn all about the Code Red worm.
🖥️ GrapheneOS: After 3 Years, This Is How I Install Apps on My “De-Googled” Phone - I walk you through how I install apps on my Google Pixel running GrapheneOS after 3 years of testing and refining my setup.
🖥️ GrapheneOS Tablet: 1 Year Update and All the Apps I Use - I’ve really enjoyed using the Google Pixel Tablet with GrapheneOS installed over the past year. In this video, I cover what I primarily use it for and all the apps I have installed on it.
Yellowball is a podcast hosting service I built and run. I didn’t like the options out there when I wanted to start my podcast, so I built the service I wish existed. It’s where I host my show, In the Shell. If you’re interested in starting your own show, check out https://yellowball.fm for more information, or reply to this email if you have any questions about it.
“We are what we pretend to be, so we must be careful about what we pretend to be.”
I intentionally don’t include any tracking or analytics in my emails, which makes it tough to tell if anyone actually reads them. If you enjoyed this email, feel free to reply with a π£ββοΈ and if you didn’t write back one sentence on what you would change.