Comment by n2h4
1 day ago
what i noticed from you and a couple other similar stories in this thread is that a same email is used at multiple places. Have you looked into email aliases like simplelogin, anonaddy, or anything of that sort?
or at the very least, the basic username+alias@domain.tld? this let's you know at least which thing was compromised.
of course, I don't recommend doing the same for important services like you banking accounts, but for the vast majority, having an alias would be enough.
and compartmentalisation always helps (different emails/accounts for personal, govt, and work domains).
Honestly, I created the two-email setup at a different time in my life. After the hack, I decided it was easier and more desirable to just use one address. My works speak more for me than a firstname.lastname email now that I've gained some life experience.
I haven't considered looking into other email alias tools. The whole area wasn't something I had put much thought into after getting things the way I wanted a decade prior.
In email, I have used the "+" format in some situations where I'm curious if a third-party is going to leak my contact details. It's not something I use every day, but it is a useful tool, I agree.
The problem with getting a Google account hacked is that Google, by default, really wants to save your passwords for you. So, even though I keep passwords in KeePass, plenty of them ended up remembered inside Chrome, too. Once the hacker compromised the Google account I had to assume every website listed in my password manager needed to be rotated. Plus, I had to change every account that I registered using my "firstname.lastname" email - so I was basically already sold on needing to have to revisit every website I'd ever used.