Ask HN: Best-practices for email and account hygiene?
I've recently noticed increasing notifications (both via email & 2FA) of attempts to break into various accounts (extant and not). I've enabled 2FA wherever it's available and every password is unique via LastPass, but all the notifications I've been getting have me alarmed. For example:
"We received a request to reset your password on BestBuy.com. However, we don't have an account associated with this email address..."
This, combined with the uptick of spam getting through gmail's filters, has me considering the daunting task of migrating all of my accounts from me@myname.com to... something else.
I'm curious about the experiences & lessons learned from others here who may have gone through something similar. My current plan is to migrate to accounts+bestbuy@myname.com, accounts+amazon@myname.com, etc, and to isolate human-to-human correspondence at somethingelse@myname.com. But I'm open to alternative strategies.
5 comments
[ 2.8 ms ] story [ 20.7 ms ] thread1PW creates an unique email for each one of my accounts.
That said any email provider that allows you to use your own domain will likely support aliases, which also should do the job.
I do find that there is inevitable lock-in with any email service due to the massive amount of online services (141 keepass entries) with most linked to either a fastmail email alias or my main account email. Some have suggested paying the extra yearly cost to use a private domain name to enable moving to a different service without needing to update all your accounts, but then you are beholden to both renewal of the domain name AND the increasing yearly renewal of your email service itself. It is not a solved problem, only sacrificing one tradeoff for another.
I would recommend most people maintain an email address with Google or Microsoft as your primary interface for online accounts. The sacrifice in privacy is worth the extra reputability, experience, and time/money saving. It's still a principled approach in some ways.
In a similar vain I've thrown my hands up and have begun using the integrated password manager in firefox and I wish I'd done it sooner. So much time saved farting around with passwords. Massive security vulnerability as you can simply hop on my computer, open the browser, and inspect all my credentials. Worth it!
Overall I find this system very easy to use. If you are outside the Apple system you can use the web interface for managing your email addresses, but it's missing some small features: for example, you can't see when's the last time an email address has been used.
I dont use these services for their 'anonymous' addresses, but for managing using multiple unique addresses. Others have mentioned the apple equivalent.
Unique email address per thing in much the same way as you have unique passwords. Emails forward on to my main address.