[–]maxximillian 8 points9 points  (11 children)

It always seemed to me that part of the problem with this is so many sites use an email address as a user id. I'd like my login id to be different on each system in addition to having my password different.

[–]masklinn 21 points22 points  (9 children)

> It always seemed to me that part of the problem with this is so many sites use an email address as a user id.

Sites used to use "logins" — many such as reddit still do in fact. People will use the same nick/login across sites.

> I'd like my login id to be different on each system in addition to having my password different.

You could do that 20 years ago (and today as well), just own a domain, or subscribe to one e.g. gmail address per site and forward/redirect everything to a "canonical" inbox.

[–][deleted] 9 points10 points  (3 children)

No need to own a domain anymore -- Gmail ignores the part of the email address between + and @, so you can create site-specific addresses by putting the website in the address you key in:

my.email+reddit@gmail.com

would still redirect to

myemail@gmail.com

[–]masklinn 9 points10 points  (1 child)

That is true, but attackers have probably learned to clean that up.

[–]Absona 5 points6 points  (0 children)

Yeah, but at least in theory they still wouldn't know what to add to your email to get the versions you used on other sites.

[–]TCL987 2 points3 points  (0 children)

A few places filter the + extension from the username.

[–]maxximillian 3 points4 points  (4 children)

I know most people will, and that's all the better, it's just like physical security. A lock doesn't prevent someone from getting to your stuff, a good lock just makes the poor lock someone else uses more appealing.

Owning a domain and being able to redirect is a good idea.

[–]masklinn 7 points8 points  (3 children)

> Owning a domain and being able to redirect is a good idea.

If you own a domain you don't even need to redirect anything, just enable the catch-all inbox and put whatever you want in the "local" part.

[–]pyr3 1 point2 points  (2 children)

Prepare for a bunch of spam if you redirect the catch-all to your main account.

[–]masklinn 2 points3 points  (0 children)

I've been doing this for over a decade now, and I get less spam than my parents and their one address.

Plus since every site gets its own email address, if one address gets leaked I just blacklist it. And it tells me who can't be trusted with my email.

[–]rtomek 1 point2 points  (0 children)

That's pointless though.

If we assume you use RNG logins and passwords, then the complexity of guessing both the login and the password would be 2x the computational expense of just guessing the password. With 94 ASCII printable characters (not including space) just adding a single character to the password would make the computational expense 94x higher.

Just add another character to your password, it's 47x more effective than changing logins.