Your email is your password

Francisco Presencia
Jan 31, 2016


We’ve seen enough of customer service’s backdoors. With an email and an address they are able to authenticate as you. I’d say that data used to authenticate is private and sensitive. While it’s certainly not your fault, you can easily defend yourself better.

So I propose that you treat an email address as being as sensitive as your password. For instance, if you google my email, many results will pop up; however, none of them involve the email I use for services where money is involved.

So, create an alias with your email provider that you will consider secure. Or create a separate email address and forward it. Use this as the login for important services that you certainly don’t want anyone else to access.

A few notes:

  • You probably want to use a different email for Facebook or other services used for single sign-on. While I do trust them not to randomly share my email, many services require Facebook login & email.
  • Don’t use this as your primary email. I made the mistake of setting this secure email as my default reply-from address. You might write hundreds of emails per year, and you cannot know who gets hacked or doesn’t treat your email as sensitive information.
  • Email addresses are stored in plain text, so they are not really passwords. However, your average social-engineering Joe doesn’t have access to these. When a breach is announced, change that email everywhere you used it.
  • This also somewhat protects you if you reuse the same password everywhere. However I doubt anyone reading this far does that.

So go ahead and create an alias. It could be peter-rr327gf@gmail.com, sarah-554fg@hotmail.com or whatever you choose. Or better, let a password manager handle the random characters for you.
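If you would rather generate the random part yourself, the sketch below builds an address of the same shape as the ones above. It is an added example, not code from the original post: the function names, the default of 10 random characters and the example.com domain are assumptions, and the alias still has to be created at your email provider.

```python
import math
import re
import secrets
import string

# Lowercase letters and digits: valid in any mailbox name and unaffected by
# providers that fold case.
ALPHABET = string.ascii_lowercase + string.digits
MAX_LOCAL_PART = 64  # RFC 5321 limit on the part before the "@"


def make_alias(name: str, domain: str, n_random: int = 10) -> str:
    """Return name-<random>@domain (hypothetical helper, not from the post).

    The suffix comes from the OS CSPRNG via `secrets`, not from `random`,
    so it cannot be predicted from earlier outputs.
    """
    if not re.fullmatch(r"[a-z0-9]+", name):
        raise ValueError("name must be lowercase letters/digits only")
    if not re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", domain):
        raise ValueError("domain does not look like a hostname")
    if n_random < 1:
        raise ValueError("need at least one random character")
    suffix = "".join(secrets.choice(ALPHABET) for _ in range(n_random))
    local = f"{name}-{suffix}"
    if len(local) > MAX_LOCAL_PART:
        raise ValueError("local part exceeds 64 characters")
    return f"{local}@{domain}"


def suffix_entropy_bits(n_random: int) -> float:
    """Bits of entropy in the random suffix: n * log2(alphabet size)."""
    return n_random * math.log2(len(ALPHABET))


if __name__ == "__main__":
    # "peter" and "example.com" are constructed sample values.
    alias = make_alias("peter", "example.com")
    print(alias, f"(~{suffix_entropy_bits(10):.0f} bits in the suffix)")
```
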

While it’s convenient to have the same email in every service, your blog and your ICANN public registration, it’s not nice to get your money stolen.

Please share with those you care about or who have had an account stolen with social engineering in the past.
