Insights For Success

Strategy, Innovation, Leadership and Security

How to protect your online accounts from breaches

General | Edward Kiledjian

Here's a personal suggestion that will help secure your online accounts and notify you if a service has been breached.

You should first use a good password manager. I personally use 1Password. Try Bitwarden if you want a free open-source alternative. Start using a unique and complex password for every site you log into online.

The majority of users will use a long and unique password for each site and then log in with their "main" email address. This is good, but it is better to use a unique masked email address for each site.

How do you create unique email addresses for each login?

  1. If you live in the Apple Ecosystem, you can use their free Hide My Email functionality. In spite of the convenience, ease of use, and reliability of this method, you end up locked into Apple's ecosystem even more. Depending on your situation, this could be an ideal solution or a problem.

  2. AnonAddy is another option for anonymous email forwarding. A free and open-source project, AnonAddy can be self-hosted or you can purchase their hosted service (tiers include free, $1 a month for their light service, and $3 a month for their pro service). If you trust AnonAddy, it is a reliable and cheap service. Third-party services (not Apple or Google) also free you from ecosystem lock-in. I tested their service for six months and found it to be very reliable.

  3. The final option is to use a service other than Google that provides masked email addresses. One of my email services is Fastmail, and I often use their masked email service directly or through 1Password.

I have a number of web domains I can use to generate the masked emails, but one of the keys here is to blend in (so I use @fastmail.com or one of the generic domains offered by other services). The reason I do this is to prevent attackers that obtain a website's user list from easily tying it back to me.

Summary

Each site I access has its own masked email address and a machine-generated password that is long and complicated. I also use 2-factor authentication if it is available.

As soon as I start receiving strange emails on one of my masked addresses, I know the site has either sold my information or a hacker has breached their site (and they may not even be aware of it yet). In the last year, I have detected and notified 2 businesses of breaches.
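The check described in the summary can be automated. The following is an added example, not code from the original post: it assumes you keep a registry of which masked address was issued to which site, and that your mail provider records a DMARC result in the `Authentication-Results` header. The addresses, domains and messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed registry: masked address -> domains that site legitimately sends from.
ALIASES = {
    "quiet.river4821@masked.example": {"shop.example"},
    "amber.field9037@masked.example": {"forum.example"},
}

def classify(raw):
    """Return (verdict, alias, sender_domain) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    alias = parseaddr(msg.get("Delivered-To") or msg.get("To", ""))[1].lower()
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    allowed = ALIASES.get(alias)
    if allowed is None:
        return ("unknown-alias", alias, sender)
    # Accept the registered domain and any of its subdomains.
    in_scope = any(sender == d or sender.endswith("." + d) for d in allowed)
    if not in_scope:
        # Another sender knows an address that only one site was ever given.
        return ("leak-suspected", alias, sender)
    # From is unauthenticated, so a matching domain alone proves nothing.
    # Simplification (assumption): substring match on Authentication-Results.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if "dmarc=pass" not in auth:
        return ("unauthenticated-sender", alias, sender)
    return ("expected", alias, sender)

def aliases_to_review(raws):
    """Masked addresses that received mail the issuing site cannot account for."""
    flagged = ("leak-suspected", "unauthenticated-sender")
    return sorted({a for v, a, _ in map(classify, raws) if v in flagged})

# Constructed sample messages (not real mail).
SAMPLES = [
    "From: Shop <news@mail.shop.example>\nDelivered-To: quiet.river4821@masked.example\n"
    "Authentication-Results: mx.masked.example; dmarc=pass\nSubject: Your order\n\nHi",
    "From: Deals <promo@cheap-pills.example>\nDelivered-To: quiet.river4821@masked.example\n"
    "Authentication-Results: mx.masked.example; dmarc=pass\nSubject: 90% off\n\nHi",
    "From: Support <support@forum.example>\nDelivered-To: amber.field9037@masked.example\n"
    "Authentication-Results: mx.masked.example; dmarc=fail\nSubject: Verify now\n\nHi",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw))
```

A flagged address is the cue to rotate that alias and the password stored with it, and to contact the site it was issued to.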