Comment by keyle
7 hours ago
At this stage just expect that every account will get leaked or rooted, it's a matter of when, not if...
Use varying email `plus addressing` (john+am2604@foo.com), varying passwords or passkey and 2FA on anything remotely important (use of your identity, not just financials).
One time I clicked "I forgot my password" on a website and they e-mailed me my password.
Ever since I don't trust online services.
I recommend people use proper email aliasing, not plus addressing. DuckDuckGo makes a free one that can integrate into Bitwarden; if you have iCloud+, Apple's ($0.99/month) Hide My Email is good. Addy.io and SimpleLogin are the best and allow PGP encryption to prevent another party having access to your emails, but they are paid for full features.
> Organizations like the IAB require that advertisers normalize email addresses so that they can be correlated and tracked, regardless of users' privacy wishes.
https://www.privacyguides.org/en/email-aliasing/#over-plus-a...
Plus addressing doesn't work well unfortunately - lots of poorly written websites will reject it.
+1 for not giving those websites your email in the first place!
The + trick is useless to protect you, obviously. Instead, use a service like SimpleLogin to create unique emails for every place you sign in.
Correct, but you get to see who leaked you.
Depends if the criminals are smart enough to strip the +.. part when sending you phishing.
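
Added example, not part of any comment in the thread: a short Python sketch of the address normalization discussed above, showing that plus-addressed sign-ups collapse to one mailbox (and lose the tag that identifies the leaking site), while per-site aliases do not. The site names, the `alias.example` addresses, and the second tag are constructed sample data; the Gmail dot and `googlemail.com` rules are included as an assumption about what a normalizer would also apply.

```python
from collections import defaultdict

# Assumption: a normalizer also folds provider quirks. Gmail ignores dots in
# the local part, and googlemail.com delivers to the same mailbox as gmail.com.
DOT_INSENSITIVE = {"gmail.com"}
DOMAIN_ALIASES = {"googlemail.com": "gmail.com"}

def split_address(addr):
    """Lowercase the address and return (local_part, canonical_domain)."""
    local, _, domain = addr.strip().lower().rpartition("@")
    return local, DOMAIN_ALIASES.get(domain, domain)

def normalize(addr):
    """Collapse an address to the mailbox a correlating party would key on."""
    local, domain = split_address(addr)
    local = local.split("+", 1)[0]          # drop the +tag
    if domain in DOT_INSENSITIVE:
        local = local.replace(".", "")
    return f"{local}@{domain}"

def leak_tag(addr):
    """Return the +tag (which tells you where the address was given), or None."""
    local, _ = split_address(addr)
    _, sep, tag = local.partition("+")
    return tag if sep else None

def correlate(signups):
    """Group a {site: address} mapping by normalized mailbox."""
    groups = defaultdict(list)
    for site, addr in signups.items():
        groups[normalize(addr)].append(site)
    return dict(groups)

# Constructed sample sign-ups: plus addressing versus one random alias per site.
PLUS = {"shop": "john+am2604@foo.com",
        "forum": "john+fr0113@foo.com",
        "news": "John@foo.com"}
ALIASES = {"shop": "k3v9x@alias.example",
           "forum": "p7m2q@alias.example",
           "news": "z1t8d@alias.example"}

if __name__ == "__main__":
    print(correlate(PLUS))      # one mailbox, three sites
    print(correlate(ALIASES))   # three unrelated mailboxes
    print(leak_tag("john+am2604@foo.com"), leak_tag(normalize("john+am2604@foo.com")))
```
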