Making email addresses as secure as passwords

I do know someone who deliberately picked a hard-to-remember email address, something like 9fytyth@hotmail.com because that looked professional. No, I have not one single idea either. I’d email to ask her why, but I can’t remember her address.

However, friend-of-the-blog Daniel Hardy has spotted another, better, easier-to-do way of making an address that’s hard to guess. Easy to remember, hard to guess. He tweeted:

I remember you saying you use this to combat spam, turns out it’s good for security too
Tweet – Daniel Hardy (3 September 2014)

The thing I’d use to counter spam was creating sort-of fake email addresses. They’re only sort-of fake because they really work. But they’re not your real one. What I really recommend is getting your own domain name so that you can make up any address, any time. So I might sign up for Tesco with an address of tesco@williamgallagher.com and it will work. But should Tesco ever sell out its email address to, say, an alien invasion force from beyond the stars, I can just block anything sent to tesco@williamgallagher.com.

But there is now also a very smart way to do this without the trouble of getting your own domain name. If you’re a Gmail user and your address is, say, Al.Phabet@gmail.com then you can give Tesco the address Al.Phabet+tesco@gmail.com and it will work. It will work, the fine people at Tesco will be able to email you whatever it is they burn to email you, but at any time you can nobble this new address. And at no time do they know your real one.
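As an added example (not code from this post or from The Verge), here is one way to build and check such plus addresses in Python. It goes a step beyond the plain +tesco tag by appending a short keyed suffix, so the tag cannot be guessed and does not have to be remembered. The function names, the key and the HMAC-SHA256 derivation are assumptions made for illustration, and the classification is something you would run in your own mail filter, not a Gmail feature.

```python
import base64
import hashlib
import hmac


def _tag(site: str, key: bytes) -> str:
    # 8 base32 characters = 40 bits taken from HMAC-SHA256(key, site).
    digest = hmac.new(key, site.encode(), hashlib.sha256).digest()
    return base64.b32encode(digest)[:8].decode().lower()


def make_alias(base_address: str, site: str, key: bytes) -> str:
    """Build local+site.tag@domain; only the key holder can derive the tag."""
    local, _, domain = base_address.rpartition("@")
    site = site.lower()
    return f"{local}+{site}.{_tag(site, key)}@{domain}"


def classify(recipient: str, base_address: str, key: bytes, burned: set) -> str:
    """Return 'other', 'base', 'forged', 'burned:<site>' or 'ok:<site>'."""
    local, _, domain = recipient.rpartition("@")
    base_local, _, base_domain = base_address.rpartition("@")
    name, plus, suffix = local.partition("+")
    if (name.lower(), domain.lower()) != (base_local.lower(), base_domain.lower()):
        return "other"
    if not plus:
        return "base"
    site, _, tag = suffix.lower().rpartition(".")
    # Constant-time comparison; as bytes so a non-ASCII tag does not raise TypeError.
    if not site or not hmac.compare_digest(tag.encode(), _tag(site, key).encode()):
        return "forged"
    return f"burned:{site}" if site in burned else f"ok:{site}"


if __name__ == "__main__":
    KEY = b"constructed-demo-key"          # constructed; keep a real key secret
    BASE = "Al.Phabet@gmail.com"           # example address from the post
    alias = make_alias(BASE, "tesco", KEY)
    print(alias)
    for rcpt in (alias, "Al.Phabet+tesco@gmail.com", BASE):
        print(rcpt, "->", classify(rcpt, BASE, KEY, burned={"tesco"}))
```

Mail that arrives at a "burned" alias tells you which sign-up leaked the address, and mail to a "forged" alias was sent to a tag you never issued.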

Dan saw this on The Verge, which goes on to say:

Now, this is not a security panacea by any stretch. You should still be using a password manager to help you keep track of all your different passwords — and now, different email addresses. If you forget the specific email address you’re using, you’re even more out of luck than you are if you forget your password. If you don’t even know the email address you registered with, you won’t be able to even get to those security questions. I personally use 1Password, which I like because it securely stores my data in the cloud (yes, there is an irony there), but there are others like LastPass that seem generally trustworthy.

How to make your email address as hard to guess as your password – Dieter Bohn, The Verge (September 3, 2014)

The full piece does cover the times that this can’t work. And while this particular trick is specific to Gmail, the piece goes on to at least begin covering some similar things you can do with Outlook and others.