Why You Need a DIFFERENT EMAIL Address for Every Account
ฝัง
- เผยแพร่เมื่อ 8 มิ.ย. 2024
- Most of us only use one email address for everything online. This is much less secure than you think. Data breaches happen all the time and it's just a matter of time before your personal information gets leaked.
Which is more sensitive: your password or your email address? While your PW is important, your email address is often a unique identifier to you online.
In fact, your email address may have already been compromised. A great way to find out is by using haveibeenpwned.com.
Creating and managing multiple email addresses may seem overwhelming, but it's actually easier than you think! Blur by Abine, 33Mail, Maskmail and SimpleLogin all provide platforms to manage a large quantity of addresses.
And while these are all great resources, our top recommendation is AnonAddy. They provide custom domains, GPG keys, reply accessibility, it's open-source, and you can self-host on a private server.
Overall, compartmentalization is a key principal for leveling up your cybersecurity. Using unique email addresses, along with passwords, is one of the best ways to implement this principle online. That way, even if one of these services are breached, your personal information won't be leaked--just your masked email accounts.
00:00 Intro
00:37 Advantages
02:47 Was I Pwned
03:28 Managing Multiple Accounts
04:23 AnonAddy
07:12 Compartmentalization
08:34 Data Breaches
09:47 More from Cyberspatial
What are you waiting for! Let us know in the comments if you're going to use multiple addresses or just stick to one!
Resources 👇
AnonAddy: anonaddy.com
Abine: www.abine.com
33Mail: www.33mail.com/
Maskmail: www.maskmail.net/
SimpleLogin: www.simplelogin.io
Pwned: www.haveibeenpwned.com
#Cyberspatial #CyberSecurity #AnonAddy
Thank you for making these videos about digital security, I'm learning a lot of things!
I have a question though: is 2fa enough to prevent a hacker from logging in into my email account (presuming that they don't know my phone number)?
CahGames If you're in a targeted attack, a hacker can combine phishing with a web proxy to do a man-in-the-middle attack:
1. Link takes to you real fake login page. You enter credentials
2. Attacker passes credentials to the real login page (automated)
3. Real login page sends you a 2FA code
4. You input the 2FA code to the fake login page.
5. Attacker passes the 2FA code to the real login page.
6. You get redirected the real login page.
7. Both you and the attacker have a real login cookie.
I recommend you use a hardware security token like Yuibkey, with U2F FIDO whenever possible instead.
@@Cyberspatial if I have a 2fa app on my phone I think that would that still be vulnerable to a MitM attack right? How would a yubi key protect me from this? Honest question here as I'm trying to learn and build a better security model for myself.
@@phukhue289 If you receive a phishing link tha proxies your connection to the real site, you may be tricked into authenticating. The attacker would then be able to MiTM your login cookie and sign in at the same time as you. Using a security key mitigates this because the U2F FIDO standard checks for domain spelling to match. Register websites with a backup security key in case you lose the primary.
@@Cyberspatial Sorry, but can you please enlighten me how helpful is this...say example if they can hack the bank..it means they can also see our other details such as fullname etc.
@@Cyberspatial I mean the AnonAddy...but I super appreciate the content....
this is an en example of what an educational video should be. No trying to be cute, acting, gesturing, flirting, empty talks. THANK YOU. Can you update for 2024?
You are a Godsend. My bank accounts have been breached about twelve times. I never thought of using different emails., or double passwords. Thank you so much.
12 times is extremely high. Are you still having problems?
@@Jack-it2pe The same person mostly, because I wasn't checking my account..
That Chase email looked pretty well done, I like how they put individual transactions on that. Clever!
One of the best youtubers I have ever watched! Keep up the good work!
This channel deserves to blow up!!
Thanks!!
I wish I knew this information much earlier. Currently the amount of online accounts of me have quadrupled the last 2 years. I will try to use this service from now on.
Underrated TH-camr. Good work!
I appreciate that!
I would love to watch the entire video, but the loud music makes it impossible for me to listen to you.
Incredibly well produced! Subscribed.
Welcome aboard!
top notch content and incredible production quality!! subscribed!
Thank you! Welcome aboard! 😊
This is new information to me. Unsure about the services reliability though as no experiences. Thank you for the video.
Invaluable information. Subbed. Thank you 👊
Awesome, thank you!
Just got started with maintaining privacy online, your videos are really helpful! Thank you!
Appreciate it, shoot us a note if you've got any questions maybe we can address in another video.
@@Cyberspatial I wanted to know about cloud storages which are secure and encrypted, I've heard the Google drive and One drive aren't that secure or privacy centric, they use it to track you
Evan Sequeira Great topic. Currently there's two paid cloud storage providers with a good reputation. One is SpiderOak and the other is Tresorit
There is a wonderful app called Cryptomator designed for use with existing cloud providers like Google, OneDrive, or Dropbox. It basically encrypts your data locally first before syncing. The vault is mounted as a network drive.
Check it out: cryptomator.org/
Okay thank you soo much for your help sir!
A bit late to the party, but how would you say this compares to doing random aliasing and using a catch-all address on a domain you own? As I see it, that would yield a similar outcome without the need for another service than my webhost.
Thanks for this excellent advice !
I love this concept because I teach and use having over 20 email addresses based on category. So basically anything you would make a folder for is just an independent email address. My clients aren't always sold on the security part because they figure their passwords and 2FA will save them. However, the not having to make filters part, no-spam, and device discrimination is appealing. My question is: with either one of the vendors you suggest, do you have to forward to a single email address or is there an option to forward to multiple email addresses? Example, Financial has it's own email address, so can the 10 generated email addresses for logins forward to the dedicated Financial email addy while the 15 generated email addresses for Travel be forwarded do the dedicated email address for Travel or does everything have to forward to a single email address?
very well done! thank you for sharing!
This is a great service review thanks! I will be checking them out
This seems like waaaaaay to much of a hassle. I wouldn't be able to deal with all of this.
It would drive me crazy!
I've just found my email was found in 6 data breaches... this explains the spam emails I've been receiving.
EDIT 1 MONTH LATER: I couldnt help but give it a try. It's actually very simple to implement and once it’s set up its VERY easy to the point I don't even feel like I'm doing an extra step.
The key is to transition slowly so that you give yourself time to get the hang of things (I'm still in the process after 1 month and have no plans to do it ASAP)
not a hassle at all, just lazy
@@MixedDrew
Not lazy at all just overwhelmed
i can agree@@monkeyseemonkeydo432
I have a bunch of accounts. Took me about 3 months. A little here and there a day. It’s worth it. I got data breach and spammed so many times on my yahoo mail. Now i use Custom domain name and masked emails. I love it. I really like it if a company gets too spammy and “doesn’t get the hint” when i click unsubscribe and they keep spamming me, I got to that email name and delete it. Or you can reject it.
Just found this video, thank you, and I subbed
Fantastic video.
What do you do with emails for friends and relatives? Aquaintances?
thank you, i did this
Great suggestion but I have a question. Most platforms, e.g. Facebook, asks to login using your email address. Does this mean I would have to either memorize the cryptic email address or log into the anonaddy account and copy the lengthy address to log into Facebook?
Brilliant!
learning as i go.
Great video man. Maskmail is shutting down.
Great Job
A really nice video !
It's even weird that you only have 1.6K subscribers
Appreciate it. We've just started, hope to reach more people soon1
almost 10k now
huh thanks to supporters like you!
Hurrraaaayyyyyy!!!!!its 20k now
@@vamsidharreddy3383 Thanks for the support!
Interesting concept! Hadn't heard of this before. One question though, wouldn't this break a lot of protections on your main email account (SPF, DMARC, spam filtering, etc) since everything being sent to it is forwarded via the email service (blur, 33mail, etc) which you're essentially whitelisting? It almost seems like it'd be better if your email provider themselves (gmail, outlook) implemented something like this and provided it as a feature that way they could still integrate all their normal protections. I'm curious if email providers pick up on this at some point and offer their own solution. Also, I guess the email randomizing service (blur, 33mail, etc) could also just integrate their own spam/phishing/dns auth protections into the service before forwarding it.
You really mitigate spam because ideally each email is shared with only one online account. You can create inbox rules to whitelist those masked emails. AnonAddy and SimpleLogin both handle the SPF/DMARC/spam filtering as well.
Haven't gotten spam this way in years. Only the true email address has received phishing and spam because someone in the contacts list got hacked, which leaked it.
Apple is looking to do something like it. If you have a fastmail account with custom domain you can created unlimited aliases. And agree this would be interesting down the road if the big providers do it. Protonmail already gives you multiple aliases (limited) on a paid account.
apple's icloud email service has implemented it a few weeks ago
Finding this video is so informative, even if made over 2yrs ago. Very much appreciated. 🩷✨️
Also, I know some companies will send emails/letters, stating your information was breached.
I hate seeing articles saying "If you're a customer of said company, you might be entitled to a settlement." By the time those are written by someone, the closing date to apply for a pie of the settlement is pretty much close to closing.
I like this approach because then you know a breach happened and then look for the settlement info asap.
That way, even if you have to go through the step of answering questions pertaining to the timeframe/dates a breach happened and how you were affected, you already know you qualify for a settlement.
Great video! Is it wise to use the same recovery email address for different email accounts, or does that just connect my data together?
If you're concerned about data breaches and those recovery emails being linked together, then it might be wise to use a masked email for them all
For example. You go to a dentist, Dr's office, Mortgage lender. When you fill out their forms and they ask you for your E-mail. Then what do you do? I have been notified of data being stolen from places like that.
Have a dummy address? I have 2 main adresses. One for trash stuff and another for more serius trustworthy data
What's a dummy address and how do you create one? I'm new to all of this
@@marianomontiel
Any reason you didn't bring up SimleLogin?
can you do a video comparing the different email masking services to each other and which one you'd recommend and why
Thanks for the recommendation, though currently, they're not too different. We have actually interviewed the founder of mask email service. Check it here SimpleLogin.io, th-cam.com/video/ev048iqDZC8/w-d-xo.html
what if you have to provide your email address in person? btw, I'm going to give this a try along with proton.
Really great content bro what about ur opinion abt Anonaddy vs protonmail
Naveen I would recommend Protonmail for your main inbox and AnonAddy for forwarding addresses.
@@Cyberspatial thanks brother
but what if I make a google account for example and don't log in for 2 years, when I return will my account still exist?
Oh my God that's too much work if an email different password how the heck am I going to remember all that
@5:20 come on, how many people put in their email password right there? It's so non-descript, there's no way that's an accident. Pretty slick.
If you have multiple emails but on the same Google account, is that still putting you at risk?
I use two emails.one for all entertainment and it's safe. but the one I used for academics in standard sites is breeched🤦🏻♂️(found using link you refered). although useful great content.
Awesome! Depending on your threat model may not need a unique one for *every* site.
What does "Add a public key" mean?
Here's a question, currently I am 12 years old and have 2 emails. One for my school and one that's for social media and videogames. When I get older and start looking and applying for jobs I am concerned my personal email will be too silly so I want a new email but I'm also afraid that when I grow up I will lose my email for the videogames. Should I stick with my current personal email or should I change it?
Thank you for taking the time to read this.
Edit: I just found out my dad has been pwned in 6 data breaches
Thanks for the thoughtful question!
You can create a professional email using ProtonMail, which probably has more name options than Gmail.
Then use a masking service for every other account to forward either to your personal one or your professional one.
The one for social media and video games recommend you just change those to masked ones.
Use a password manager to track everything.
I've had weak passwords and to be honest the same passwords but lots of different email addresses done this for years lol I'm also considering a new email that isn't linked to any important accounts to hand out to contacts so my email isn't as much known is this a good idea to?
Yes you want to compartmentalize your emails. An email address just for new acquaintances is a helpful start.
Do you use it for bank accounts too?
what if the server goes down or something?
For everything, though that is certainly a risk calculus you have to make. Recommend using your own domain for masked emails. If the server goes down, you can point the DNS records to another provider like Fastmail or SimpleLogin.
I just use a password manager, same effect.
How secure this service is and how they will fund their program?
They fund through paid accounts. Software is open-source. You can self-host if desired.
that raidforums icon is hot ngl
Lot of people into anime.
This is an honest question, not meant as a disparaging remark against the UK or AnonAddy considering the UK is basically a surveillance state and against privacy, isn't using AnonAddy a little counter productive
Great question! AnonAddy's servers are hosted in Netherlands with Greenhost[.]net. In this case your counterparty would be the Dutch government and/or Interpol. If you're really concerned, the software is open-source so you can self-host if desired.
I suppose i can just get a minor degree in TH-cam Cybersecurity from this channel
You can learn a lot from TH-cam content creators :)
I wish they also have this option for phone numbers...... some important apps I'm interested in require phone number one of them is 3rd party secure 2FA, well I don't want my personal phone number stored on some server so I'll just keep using unsecure 2FA lol
MySudo, Linphone+Twilio, Google Voice, are options. 2FA you can buy a Yubikey.
@@Cyberspatial Yubikey is only useful if the account offers it as an option
@@norrinradd8923 or it has sso so you can use a 3rd party idp w/ hardware key
I have 2 email addresses and I only use 1 for all my social media accounts. So it's fine👍 right?? RIGHT! Sorry for yelling. But yea, I use 1 email for all of my social media accounts but I use different passwords. Ok, I might've also used my second email but only once
I wish I knew to do this 23 years ago.
Why can't I just use several Gmail email accounts?
❣️
Christ 🤯 - I can barely remember more than 2 passwords… watching this video gives me a headache!?!? And I am in my mid 30’s. Was searching to see if I could use my gmail email address to create a Microsoft account, and found this.
After watching this, I feel doomed 😂🤣😫😫😭😭
By low value alias, did you mean another forwarding address?
Yes.
Hahaha.... 5 data breaches and i know i used the same exact passwords for like 8 years. My email could log in to like half of all things ive signed up for
Hope you sleep well at night 😂
2:40 even all of these so far people not click any of them its not 1990 anymore LOL and email address can random generated uh
❤️
🙌
What I don't understand is; no one knows your password but companies keep telling you, you have to add longer and longer passwords that have to be more and more complicated for no reason at all. My bank asks me on thing. What is your mother's maiden name? Simple.
What about SimpleLogin?
Another great option. Interviewed the founder actually, stay tuned!
@@Cyberspatial Simplelogin is so good! Can be self hosted and has built in browser plugins to generate aliases. Love the service. Great vid!
👍
Thanks for the thumbs up!
@@Cyberspatial Absolutely. I am in school for comp science and concentrating in cyber security. I appreciate you and the channel you've made immensely.
Is this free
4:26
for the algorithm
Thank You!
Is this video sponsored ? (Just curios, it seems like a legit tool)
No it's not :)
Voluntarily recommended.
☝️☝️☝️
He is too good for any kind of hacking
i created to many and it’s annoying damn my childish brain
🤣
bruh
pure BS!!