Comment by tamimio

4 hours ago

It should be a standard practice to have a unique email and password for every service you use out there, plus the usual like 2FA. I have been doing this for years and never had any issue, but also you can tell if the service got compromised even if they never announced it. For example, I have an account on a service called Shakepay, and recently I have been getting a lot of phishing attempts on that specific unique email that's never been used anywhere else. I can tell for certain that their email database got leaked/they sold it.

How do you manage having potentially many different email accounts?

  • It's only 1 email account but with either catch-all or aliases configured.

  • Outlook supports having multiple arbitrary email addresses as well as allowing login from only one of them.

  • Just adding plus signs and the vendor name in the address would do it.

    • Isn’t this easy for a potential attacker to mitigate, i.e. dropping from the address everything after the plus? It’s a known trick for Gmail, so I would not be surprised if an attacker knew how to get to the “real” address by cleaning it up.

  • A lot of email services that provide the aliasing feature have seamless integration with password managers, so when you sign up you generate a unique email and password on the fly, and it gets saved in the manager.
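
An added example, not part of any comment above: one way to issue per-service addresses on a catch-all domain that carry no plus suffix to strip, and to map the recipient address of a phishing message back to the service it was issued to. The domain, the secret and all function names are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac

# Assumptions: a catch-all domain you control and a secret kept in your
# password manager. Both values below are constructed for the example.
DOMAIN = "mail.example"
SECRET = b"constructed-demo-secret"


def _tag(service: str, secret: bytes) -> str:
    """Short keyed tag, so an alias cannot be derived from the service name."""
    digest = hmac.new(secret, service.lower().encode(), hashlib.sha256).digest()
    return base64.b32encode(digest[:5]).decode().lower()  # 5 bytes -> 8 chars


def make_alias(service: str, secret: bytes = SECRET, domain: str = DOMAIN) -> str:
    """Address to hand to one service at sign-up: <service>.<tag>@<domain>."""
    service = service.lower()
    return f"{service}.{_tag(service, secret)}@{domain}"


def attribute(recipient: str, secret: bytes = SECRET, domain: str = DOMAIN):
    """Return the service this recipient address was issued to, or None if
    the address was never issued (guessed, or cleaned up by the sender)."""
    local, _, dom = recipient.lower().rpartition("@")
    if dom != domain:
        return None
    service, _, tag = local.rpartition(".")
    if not service:
        return None
    expected = _tag(service, secret)
    # Constant-time comparison on bytes; also tolerates non-ASCII input.
    if hmac.compare_digest(tag.encode(), expected.encode()):
        return service
    return None


def strip_plus(address: str) -> str:
    """The clean-up raised in the thread: drop '+suffix' from the local part."""
    local, _, dom = address.rpartition("@")
    return f"{local.split('+', 1)[0]}@{dom}"
```

Mail that arrives at an address for which `attribute` returns a service name points at that service's address list as the source; mail to an address for which it returns `None` was sent to an address you never handed out and can be filtered at the catch-all.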