
10 comments on “Do I Need a New Email Address if Mine Is Involved in a Breach?”

  1. Saw this online: one of the latest scams to bypass two-factor authentication is

    “Somebody called me with this phone number {phone number removed} telling me he was doing some registration online and he mistakenly put my number on what he was registering, that my number is similar to his number and that the password of what he was registering was sent to my phone which I actually saw as {removed}.
    He was now appealing to me to give him the reset code that was sent to my phone so that he could finish his registration. I told him to call me with the number he claimed was similar to mine so that I could verify his claim, he told me he didn’t have credit in that line.”

  2. Somewhere — for the life of me, I cannot find the place where, (or I’d post this there instead of here), you said, “Breach and breach, what is breach?”

    To which I, of course, reply in due form: “You are not morg, you are not eyemorg!” 🙂 🙂 🙂

  3. Part of the problem here is that so many sites want you to use an e-mail address as the userid for their site.

    Ideally you should have a different userid for every site just as you should have a unique password for that site.
    That reduces the apparent commonality of your identity across sites.
    Keeping track of the different userids becomes a task for your password manager.

    A site needing a way to contact you (even if it is to reset access credentials) should verify your contact details (e-mail, phone no…) and then store them securely (encrypted) to reduce the risk of the e-mail address being publicly available as a result of a hacking operation.

    Some people I know use a different e-mail address for very sensitive sites (generally financial) from the address used for day-to-day usage.
    While this is “security by obscurity” it does reduce your attack surface presented to a hacker.

    • Using a unique user-ID offers an insignificant security advantage. A long strong password is the best protection for your account. Even adding one character to a password is hundreds of times better than using unique user-IDs.

  4. I use a different email address for each online account. They are provided to me by an alias and remailing service. My main one is Anonaddy now, but I have used 33 Mail and Spamex in the past (don’t use Spamex anymore: it’s obsolete and unsafe).

    The huge advantage is it kills spam in its tracks. Preventing spam is a security measure of sorts, since spam is a huge annoyance to begin with. But it may also bring malware, scam attempts, phishing attempts, ransomware…

    Once one has made a habit of using unique and strong passwords, I would advise to start practising unique email aliases. The added peace of mind is invaluable. Not to mention that Anonaddy and 33 Mail have very generous free plans. Simple Login can be considered if one is ready to pay.

    It’s not, however, a means of adding security in the sense of preventing hackers from knowing your user name. This would be rather futile. Even unique email addresses are meant to be public.
