The days of having one email address are over. We are putting all our eggs in one basket by having one address. If someone hacks that account, we could be in big trouble.
Guessing An Email Address
Guessing an email address can be easy. We can guess an email address by trying any of the following:
What is the chance you have this email address?
Social Media Accounts
We often post too much information on social media accounts. We post our name, location, recent activity, links, and more. Someone can use these details to work out more about us. They can guess an email address, figure out the answers to security questions, or even take over the account. We are making it easier for someone to guess our email address.
Taking Advantage of Email Tags
We can be in big trouble if our important accounts use the guessable address. We can reduce this exposure by using email tags. We can sign up to a bank website with the email FirstName.LastName+SomeUniqueTag@gmail.com. Many email providers and online accounts support this capability.
Taking Advantage of Many Addresses
Services like Gmail make having many addresses cost-effective. We can have a different email address for a different purpose.
FirstName.LastName@gmail.com for emailing friends and family.
FirstName.LastName.DesiredJobTitle@gmail.com for job hunting and resumes.
FunPseudoNameOrHandle@gmail.com for non-important accounts.
SeriousPseudoNameOrHandle@gmail.com for important accounts.
AnotherSeriousPseudoNameOrHandle@gmail.com for your password manager.
Make sure you use a "PseudoNameOrHandle" that someone cannot guess.
You may also use email tags to make it more difficult to guess the email address. For example, use a SeriousPseudoNameOrHandle+UniqueTag@gmail.com convention for each account.
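One way to apply the per-account tag convention described in the two sections above, as an added example that is not code from the article: each tag is derived from a private secret with HMAC, so it can be regenerated on demand but not guessed, and an inbound message's recipient tag can be checked against the service that claims to have sent it. The function names, the secret, the handle, and the service list are all hypothetical.

```python
import base64
import hashlib
import hmac

def make_tag(secret: bytes, service: str, length: int = 10) -> str:
    """Derive a per-service tag: repeatable for the owner, unguessable without the secret."""
    digest = hmac.new(secret, service.lower().encode(), hashlib.sha256).digest()
    # Base32 yields only letters and digits, which are safe in an email local part.
    return base64.b32encode(digest).decode().lower()[:length]

def tagged_address(secret: bytes, handle: str, service: str, domain: str = "gmail.com") -> str:
    return f"{handle}+{make_tag(secret, service)}@{domain}"

def split_address(address: str):
    """Split handle+tag@domain into (handle, tag, domain); tag is '' when absent."""
    local, _, domain = address.rpartition("@")
    handle, _, tag = local.partition("+")
    return handle, tag, domain.lower()

def identify_service(secret: bytes, address: str, services):
    """Return the service this tagged address was issued to, or None."""
    tag = split_address(address)[1].lower().encode()
    for service in services:
        if tag and hmac.compare_digest(tag, make_tag(secret, service).encode()):
            return service
    return None

def check_inbound(secret: bytes, recipient: str, claimed_service: str, services) -> str:
    """Compare the service a recipient address was issued to with the claimed sender."""
    issued_to = identify_service(secret, recipient, services)
    if issued_to is None:
        return "unknown-tag"  # untagged address, or a tag never issued
    if issued_to.lower() != claimed_service.lower():
        return "mismatch"     # address given to one service is used by another
    return "ok"

# Constructed sample values; a real secret would be random (secrets.token_bytes(32)).
SECRET = b"constructed-demo-secret"
HANDLE = "SeriousPseudoNameOrHandle"
SERVICES = ["bank", "shop", "forum"]

if __name__ == "__main__":
    bank_addr = tagged_address(SECRET, HANDLE, "bank")
    print(bank_addr)
    print(check_inbound(SECRET, bank_addr, "bank", SERVICES))
    print(check_inbound(SECRET, bank_addr, "shop", SERVICES))
    print(check_inbound(SECRET, f"{HANDLE}@gmail.com", "bank", SERVICES))
```

A "mismatch" result means the address issued to one service is being used by another sender, which is a signal to move that account to a fresh address. The tag only separates accounts: everything before the + is still the mailbox name, so the handle itself must stay unguessable.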
Has Your Email Address Been Leaked?
You should check whether your email address has been leaked. You can use Have I Been Pwned to check all your email addresses. Create a new email address and start moving your accounts to that email address if you have been Pwned.
Using different email addresses as a cybersecurity strategy can reduce our risk. But make sure to follow good security hygiene. Use a strong, unique password for each account. Enable two-factor/multi-factor authentication. Update your passwords regularly. Also, check all those email accounts to avoid missing important messages.
Stay secure, Miguel.
About the Author
Miguel is a Principal Security Engineer and is the author of the "Serverless Security" book. He has worked on multiple serverless projects as a developer and security engineer, contributed to open-source serverless projects, and worked on large military systems in various engineering roles.