Assessing Your Email and Password Habits Through the Lens of Privacy and Security
A familiar scenario: you need to make a purchase, book a flight, or schedule an appointment online—and you’re forced to make an account in order to proceed. You figure you’re likely never going to use this account again, so you use your ‘less important’ email and one of your memorized passwords for convenience.

Most people can tell you that reusing a password is bad practice; however, fewer people are talking about the privacy faux pas that is reusing an email. There may be other people with your first and last name, but an email is like a fingerprint, and should be treated like one.

A bad actor or data reseller only needs a single piece of information to link public or breached data together into a single, comprehensive file. Most commonly, this is your email. If you’ve given your phone number to one company and your home address to another using the same email, then in the case of an unscrupulous TOS (Terms of Service) or data breach, suddenly these pieces of information can be linked.

The idea of needing an entirely new email for each account you create can seem pretty overwhelming at first, especially in this era of every phone app requiring an account. However, there are some reputable tools that can make this much more convenient.

The first thing you’ll want is a password manager, which will serve as an email manager as well. There are two general options, and the choice will depend on your threat model:

- An offline password manager, which you must manually add to new devices
- A cloud-based password manager

There are pros and cons to each style of password manager. With an offline password manager, you don’t have to worry about breaches of the company’s cloud server, but it can be somewhat tedious. It is, however, the lowest-risk way to store your passwords outside of keeping them in a notebook (not recommended!).
Despite the downside of being subject to attacks, a cloud-based password manager saves you the headache of backing up your offline database and doesn’t come with the possibility of forgetting your database at home.

Neither option is the “right” way; the choice will depend on your lifestyle and what you are looking to get out of your privacy and security strategy. Either is far and away better than reusing passwords and/or emails.

Recommended offline password manager: KeePassXC
Recommended cloud-based password manager: Bitwarden

Note: Be sure to see if your password manager offers browser integration or app integration for easy auto-filling.

While there are a lot of password manager options out there, it is recommended to avoid the following software due to poor ratings on privacy audits or security issues:

- LastPass
- 1Password
- Roboform
- iCloud Keychain

Alright, so now you’ve got somewhere to store your account information. But what about creating an email every time? Who is going to manage all of those accounts, and how?

First, it should be mentioned that while creating a separate email for each account is the gold standard for privacy, it may be unnecessary for some applications. It is not uncommon for the privacy-minded consumer to group similar accounts into a single email, based on what information is given to each company. This will again come down to your threat model. Regardless, it is recommended to be careful not to assign too many accounts to any single email.

When the time comes to create a new email, there are multiple options outside of trudging through the account creation process with your go-to email provider:

Confident you’ll never need the email again? Try a temporary/disposable email generation service. With most of these services, you can create an email account in seconds. The typical lifespan of the account will be 10 minutes, long enough for you to receive and open your account confirmation email. And there’s a bonus: no spam in your main inbox!
Recommended: Guerrilla Mail

Note: Some companies scan for and block temporary emails.

Want to create an alias email that funnels into a single inbox (or even forwards to your main inbox)? Try an email aliasing service. With these, you can typically generate a random or custom email in seconds, and choose what happens with emails received at this address.

Recommended: Blur (Blur can also mask your credit card number, store and generate passwords, and sync across devices).

Alternatively, as mentioned above, you can create emails in advance based on what information will be shared with the companies receiving that email address. In this case, you can still utilize Blur or similar aliasing services; however, you may wish to use your email provider of choice as well.

With these tools in hand, you will be ready to implement a new standard of privacy for yourself and your data. The next time you are prompted to create an account, generate a new password with your password manager and store the corresponding email.
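An added example, not part of the original post: a short audit of your own account inventory that shows which personal data each email address ties together and where a password is reused. The CSV layout, the `shared` column, the sample rows and the two-accounts-per-email threshold are all assumptions made for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample inventory in a hypothetical format (not any real
# password manager's export schema). "shared" lists the personal data given
# to each service, separated by ';'.
SAMPLE_INVENTORY = """\
service,email,password,shared
airline.example,main@mail.example,Tr0ub4dor&3,name;phone
shop.example,Main@Mail.example,Tr0ub4dor&3,name;home_address
clinic.example,health@mail.example,correct-horse-7,name;dob
forum.example,alias-7f3@mail.example,x9!kQ2#vLp,
news.example,main@mail.example,b8$Zr1@wNd,name
"""

def audit(inventory_csv, max_accounts_per_email=2):
    """Group accounts by email address and report what each address links."""
    by_email = defaultdict(lambda: {"services": [], "linkable": set()})
    by_password = defaultdict(list)
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        email = row["email"].strip().lower()  # case variants still act as one identifier
        entry = by_email[email]
        entry["services"].append(row["service"])
        entry["linkable"].update(f for f in row["shared"].split(";") if f)
        # Compare passwords by digest so the report never holds plaintext.
        digest = hashlib.sha256(row["password"].encode()).hexdigest()
        by_password[digest].append(row["service"])

    report = {}
    for email, entry in by_email.items():
        report[email] = {
            "services": sorted(entry["services"]),
            "linkable": sorted(entry["linkable"]),
            "over_limit": len(entry["services"]) > max_accounts_per_email,
        }
    reused = sorted(sorted(s) for s in by_password.values() if len(s) > 1)
    return report, reused

if __name__ == "__main__":
    report, reused = audit(SAMPLE_INVENTORY)
    for email, info in sorted(report.items()):
        flag = "REVIEW" if info["over_limit"] else "ok"
        print(f"{flag:6} {email}: {len(info['services'])} accounts, "
              f"linkable data: {', '.join(info['linkable']) or 'none'}")
    for services in reused:
        print("password reused across:", ", ".join(services))
```

In the sample, the phone number given to one service and the home address given to another end up under the same address, which is the linkage the article describes.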









