Securing Your e-mail Account

E-mail accounts are a pretty serious single point of failure, more so than I think most people ever consider. Recovery accounts and two-factor authentication help (if you have them set up), but there is a new option that a lot of people won’t know about: e-mail address aliases.

An idea I had some time back was to have a login name for an e-mail account that is different from the actual e-mail address, since your address is public. Rather than logging in with myname123@hotmail.com I would log in with something like “mynickname987”. This isn’t a perfect security answer, but I think it could help in a lot of cases.

Later I had an even better idea (I’m full of them): what if I could have a different e-mail address for every sign-up I did? That seems like a logistical nightmare, but there is now a simple way to handle it.

For a long time Microsoft and Google (maybe others too) allowed you to add an extension to your e-mail address, such as “myname123+dodgywebsite@hotmail.com”. That way, when you get an e-mail from a Nigerian Prince addressed to “myname123+dodgywebsite@hotmail.com”, you know that dodgywebsite leaked your e-mail address. Those bastards!

But what if the e-mail from that ‘Prince’ arrived at your actual e-mail address? It’s easy to strip out the “+dodgywebsite” part, and then you don’t know who leaked it. Even worse, your actual e-mail address is now on some Nigerian Prince mailing list.

Outlook and Gmail now both let you add other accounts to your main one. Now I can do something like this:

Main account – “myname123@hotmail.com”

Alias account – “mysignup123@hotmail.com”

Sign-up – “mysignup123+dodgywebsite@hotmail.com”

Now if I start getting spam to my sign-up alias, I can create a new one and move everything over to that. This is still a lot of effort, so I’ll probably create a new alias each year and have another one for trusted sites.

Another benefit of having an alias for trusted sites is that it makes phishing e-mails easier to spot.

If I have the alias “mytrustedsites123@hotmail.com” and use the extension “mytrustedsites123+paypal@hotmail.com” for my PayPal account, then when I get one of those fake PayPal e-mails to any other address, it is even more obvious that it is a scam.
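The leak check and the phishing check described above can be automated in a mail filter. The following is an added example, not part of the original post; the brand-to-address table, the sender domains and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed layout following the post: each tagged address -> domains that site sends from.
EXPECTED = {
    "mytrustedsites123+paypal@hotmail.com": {"paypal.com"},
    "mysignup123+dodgywebsite@hotmail.com": {"dodgywebsite.example"},
}
# Brand name -> the only address that brand was ever given (assumption).
BRANDS = {"paypal": "mytrustedsites123+paypal@hotmail.com"}

def split_plus(addr):
    """Return (base_address, tag); tag is None when there is no +extension."""
    local, _, domain = addr.lower().rpartition("@")
    name, plus, tag = local.partition("+")
    return f"{name}@{domain}", (tag if plus else None)

def classify(raw):
    """Classify one message by the address it was sent to and who it claims to be."""
    msg = message_from_string(raw)
    # The To header is used for simplicity; a Bcc'd message would need the envelope recipient.
    to = parseaddr(msg.get("To", ""))[1].lower()
    display, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.lower().rpartition("@")[2]
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    # Phishing check: mail claiming a brand must arrive at the address given to that brand.
    for brand, addr in BRANDS.items():
        if brand in claimed and to != addr:
            return f"suspect-phish: claims {brand} but sent to {to}"
    base, tag = split_plus(to)
    if to in EXPECTED:
        ok = any(sender_domain == d or sender_domain.endswith("." + d) for d in EXPECTED[to])
        return "expected" if ok else f"leak: address given to '{tag}' used by {sender_domain}"
    if tag is None:
        return f"untagged: {base} carries no tag, so the source cannot be traced"
    return f"unknown-tag: {tag}"

# Constructed sample messages (not real mail).
SAMPLES = {
    "real_paypal": "From: PayPal <service@paypal.com>\nTo: mytrustedsites123+paypal@hotmail.com\nSubject: Receipt\n\n.",
    "fake_paypal": "From: PayPal <security@paypal-alerts.example>\nTo: myname123@hotmail.com\nSubject: Account limited\n\n.",
    "prince": "From: Prince <prince@spam.example>\nTo: mysignup123+dodgywebsite@hotmail.com\nSubject: Urgent\n\n.",
    "stripped": "From: Prince <prince@spam.example>\nTo: mysignup123@hotmail.com\nSubject: Urgent\n\n.",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:12} {classify(raw)}")
```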

Obviously this is still a complex way of managing e-mail. Will the benefits outweigh the time and complexity? I suspect for most people they won’t, since most people don’t even take simpler steps towards better online security.
