top | item 45843808

(no title)

tapland | 3 months ago

Anyone who’s looked at breach data knows to try yourname+service for any service.

This does help in filtering spam though

discuss

selcuka|3 months ago

It doesn't have to be literally the service name. Can be any unique alphanumeric suffix you make up randomly. As long as you use a password manager you don't have to remember it.

fragmede|3 months ago

Indeed, it needs to be more than just the company name if you want it to be useful later. If the email address used is company@example.com, any idiot could guess company. But receiving email to company_wkhx46@example.com is clearly gotta be from them, or they got hacked.

gblargg|3 months ago

That's why you have to salt the + portion (look up an old email from the service if you forgot the alias).

logifail|3 months ago

> Anyone who’s looked at breach data knows to try yourname+service for any service

Since we're all using a unique password for every service - <cough> we are doing that, aren't we (!!) - then how does that help?