Off-Topic: Passwords aren't enough. How to randomize your emails too.
A random idea about randomization and security
I was just listening to Darknet Diaries and something the host said sparked an idea. This is just one of those times I thought I’d share with everyone else. It’s a tad techie, so if this isn’t for you, we’ll see you in the next article.
But, if you run your own domain, like I do with nateritter.com, that’s related to my identity, you might consider doing this yourself….
Here’s the idea.
For those of us who are extra security conscious and can set up and use a catch-all/wildcard email address, you could set up what I’m going to call from now on a “UUID email address” per site.
Here's how I see it working from the user perspective:
1. User sets up a catch-all email address (i.e., `*@nateritter.com` might forward to `foo@nateritter.com`)
2. Go to a site you want to register at
3. Generate a random string (anything like Raycast or tools like that can do this out of the box) `[random-string]@nateritter.com` to use as the email address when registering. Obviously use a random password generator for the password too. Register with that.
4. Any confirmation emails go to your catch-all (in this example, `foo@nateritter.com`), so you can confirm your email address or whatever you need to do next with it.
5. Whenever you go to sign in, your password manager will fill in the details for you, so no need to remember either the password or the email address.
This would be similar to `nate+amazon@gmail.com`, where “amazon” can be replaced with anything you want and you still get the email in Gmail, but the wildcard local-part/username (“amazon” in this case) would be a random string.
This would be way more secure because it would be so much harder for hackers to simply guess what the email address is through “forgot password” or “sign in” functionality, which basically tells them that the email exists on the target website.
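The per-site address scheme above, as an added example (not the author's code): it issues a random local-part per site and triages mail arriving at the catch-all. The `registry` dict, function names, verdict strings and 20-character length are assumptions; in practice the password manager entry plays the role of the registry.

```python
import secrets
from email.utils import parseaddr

DOMAIN = "nateritter.com"  # catch-all domain used in the article
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"


def new_alias(site, registry, length=20):
    """Issue a random address for `site` and record local-part -> site."""
    if site in registry.values():
        raise ValueError(f"{site} already has an alias")
    while True:
        # secrets draws from the OS CSPRNG; 20 symbols out of 36 is ~103 bits
        local = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if local not in registry:  # never give two sites the same address
            registry[local] = site
            return f"{local}@{DOMAIN}"


def classify(to_header, from_domain, registry):
    """Triage one message delivered to the catch-all mailbox."""
    _, addr = parseaddr(to_header)
    local, _, domain = addr.lower().rpartition("@")
    if domain != DOMAIN:
        return ("not-ours", None)
    site = registry.get(local)
    if site is None:
        # A catch-all accepts any local-part, so guessed or harvested
        # addresses land here; nothing was ever registered with this one.
        return ("unissued", None)
    sender = from_domain.lower()
    if sender == site or sender.endswith("." + site):
        return ("expected", site)
    # Only a hint: sites often send through third-party mailers, and the
    # From domain can be forged. Review before treating it as a leak.
    return ("unexpected-sender", site)
```

Mail classified as `unissued` can be dropped or quarantined, which removes the main downside of a catch-all: it accepts mail for addresses nobody ever handed out.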
That’s it.
I'll be here all week.
Let me know when someone builds this into an automation.
(FWIW, I suggested this to 1Password too, so let’s hope)
Great idea! Check out https://github.com/anonaddy/docker
And also https://github.com/presswizards/hide-my-mail-cloudflare
Another great tip from tomelliot.net
—-
Fastmail will automatically generate email addresses for you (https://www.fastmail.com/features/masked-email/), and deliver those to your inbox.
Raycast lets you easily generate these addresses and paste them to the clipboard (https://www.raycast.com/LightQuantum/fastmail-masked-email#readme).
Finally, I have a domain that isn’t publicly associated with me in any way. I use that for especially spammy signups, with the site’s name before the @ so I know which email gets sold/leaked.