I recently went through most of my accounts and randomized the username, with the thought here being to limit the likelihood of one site being compromised leading to accounts at other sites being compromised. I don’t have to remember them due to using a password manager, so it’s really no skin off my nose.
I’ll use this as a reminder to everyone to improve your security. Some ideas:
use a password manager and use random usernames and passwords
have multiple email accounts, and don’t use your “main” email w/ random signups - I use a simple mnemonic, like “<user>-<purpose>@domain.com”; so “[email protected]” or “[email protected]” so it’s easy for me to remember, but unlikely for a lazy hacker to pwn other accounts (a lot of these are automated); my real email is “[email protected]”
use 2FA if offered, even if it’s stupid SMS or email based; having any extra step can deter an attacker
Sucks that people are targeting IA, I hope there isn’t any lasting damage and that this is a simple defacement/DOS.
I recently went through most of my accounts and randomized the username, with the thought here being to limit the likelihood of one site being compromised leading to accounts at other sites being compromised. I don’t have to remember them due to using a password manager, so it’s really no skin off my nose.
I’ll use this as a reminder to everyone to improve your security. Some ideas:
use a password manager and use random usernames and passwords
have multiple email accounts, and don’t use your “main” email w/ random signups - I use a simple mnemonic, like “<user>-<purpose>@domain.com”; so “[email protected]” or “[email protected]” so it’s easy for me to remember, but unlikely for a lazy hacker to pwn other accounts (a lot of these are automated); my real email is “[email protected]”
use 2FA if offered, even if it’s stupid SMS or email based; having any extra step can deter an attacker
Sucks that people are targeting IA, I hope there isn’t any lasting damage and that this is a simple defacement/DOS.
thanks for the advices ! Would you recommend a particular password manager?
For e-mails, you can just get firefox relay with your own subdomain and generate infinite e-mail masks for 1$ a month.
I usually take “[email protected]” for example. It’s pretty great because you just make the masks on the fly.
I’ve been doing this for several years now (not specifically that service, since I have my own domains). It’s really nice knowing exactly who sold your email to the spam bots, because it’s right in the address. Super easy to block once that happens.
Yeah, I bought some Chinese batteries a while ago and they sold/leaked my info to a dozen other scam companies. None of which I was able to unsubscribe from. Just ticked a box to disable the email and that was the end of that. If I hadn’t, they would have been blowing up my inbox for the rest of eternity with no way to stop it or know where it came from.
I didn’t know that actually. They can still deduce your actual email address from that, but for the identification of the culprit that would work as well.
For users of Gmail, I can confirm this works and you can even set it up so that address+nameofshop goes to a folder called “nameofshop.”
You can also apparently add a dot anywhere before @gmail.com and still receive the email. I haven’t tried this one, but the last time I mentioned this someone said it was part of the email standard, so presumably it works.
I don’t know of tricks specifically of this vein for proton mail, but I do know you can setup a catch-all address so, for example, something addressed to [email protected] goes instead to [email protected].
I’ve not tried SimpleLogin, but apparently it offers similar functionality.
If you use the same email everywhere, they can try brute-forcing the password by using the email instead of your username. Give them less to go on. $1/month is absolutely worth it to prevent an important account from getting hacked.
I recently went through most of my accounts and randomized the username, with the thought here being to limit the likelihood of one site being compromised leading to accounts at other sites being compromised. I don’t have to remember them due to using a password manager, so it’s really no skin off my nose.
I’ll use this as a reminder to everyone to improve your security. Some ideas:
Sucks that people are targeting IA, I hope there isn’t any lasting damage and that this is a simple defacement/DOS.
thanks for the advices ! Would you recommend a particular password manager?
I like Bitwarden, largely because it’s open source and audited by a reputable third party.
For e-mails, you can just get firefox relay with your own subdomain and generate infinite e-mail masks for 1$ a month. I usually take “[email protected]” for example. It’s pretty great because you just make the masks on the fly.
I’ve been doing this for several years now (not specifically that service, since I have my own domains). It’s really nice knowing exactly who sold your email to the spam bots, because it’s right in the address. Super easy to block once that happens.
Yeah, I bought some Chinese batteries a while ago and they sold/leaked my info to a dozen other scam companies. None of which I was able to unsubscribe from. Just ticked a box to disable the email and that was the end of that. If I hadn’t, they would have been blowing up my inbox for the rest of eternity with no way to stop it or know where it came from.
What about plus addressing which is supported by most major mail services for free? You can just use [email protected] for example.
I didn’t know that actually. They can still deduce your actual email address from that, but for the identification of the culprit that would work as well.
For users of Gmail, I can confirm this works and you can even set it up so that address+nameofshop goes to a folder called “nameofshop.”
You can also apparently add a dot anywhere before @gmail.com and still receive the email. I haven’t tried this one, but the last time I mentioned this someone said it was part of the email standard, so presumably it works.
I don’t know of tricks specifically of this vein for proton mail, but I do know you can setup a catch-all address so, for example, something addressed to [email protected] goes instead to [email protected].
I’ve not tried SimpleLogin, but apparently it offers similar functionality.
can confirm, [email protected] works just the same as [email protected]
Yup.
If you use the same email everywhere, they can try brute-forcing the password by using the email instead of your username. Give them less to go on. $1/month is absolutely worth it to prevent an important account from getting hacked.