Improving Personal Security with a “secret” email address

An individual security best practice that we don’t talk about enough:

You should be using a special email address for your username and contact for your most sensitive sites like password managers & banking.

This email should be:

  • weirdly named, hard to guess.
  • known ONLY to you.

I use Fastmail and have an alias and special rules exactly for this purpose. BUT you don’t have to be that fancy. If you are using Gmail, try adding yournormalemail+specialcode [at]

This practice reduces the information that a threat actor can guess and can help you more readily identify phishing emails.
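One way to turn that into a mail-triage check, as an added example that is not from the original post: the alias, the sender domains, the brand names and the sample messages below are all constructed placeholders, and checking these four recipient headers is an assumption about how your provider records the delivery address.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed values for illustration only (not from the original post).
SECRET_ALIAS = "qz7-harbor-lamp@example.com"
SENSITIVE_SENDERS = {"bank.example": "Example Bank", "vault.example": "Example Vault"}
RECIPIENT_HEADERS = ("To", "Cc", "Delivered-To", "X-Original-To")

# Constructed sample messages (headers only, empty body).
SAMPLES = {
    "to_alias": "From: Example Bank <alerts@bank.example>\nTo: qz7-harbor-lamp@example.com\nSubject: Statement\n\n",
    "to_public": "From: Example Bank Security <notice@mailer.invalid>\nTo: me@example.com\nSubject: Verify now\n\n",
    "leak": "From: promo@shop.invalid\nTo: qz7-harbor-lamp@example.com\nSubject: Deals\n\n",
}


def recipients(msg):
    """Lower-cased addresses from every header that records a recipient."""
    values = [v for h in RECIPIENT_HEADERS for v in msg.get_all(h, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}


def claims_sensitive_sender(msg):
    """True if the From domain or display name matches a sensitive service."""
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if any(domain == d or domain.endswith("." + d) for d in SENSITIVE_SENDERS):
        return True
    return any(brand.lower() in name.lower() for brand in SENSITIVE_SENDERS.values())


def classify(raw):
    """Label one raw message by comparing who it claims to be with where it was sent."""
    msg = message_from_string(raw)
    to_alias = SECRET_ALIAS in recipients(msg)
    sensitive = claims_sensitive_sender(msg)
    if sensitive and not to_alias:
        return "suspicious"    # claims to be the bank but was sent to the public address
    if to_alias and not sensitive:
        return "alias-leaked"  # someone other than the sensitive sites knows the alias
    return "expected" if sensitive else "unrelated"


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", classify(raw))
```

The From header can be forged, so "expected" only means the message was addressed to the alias; it does not authenticate the sender.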

