So if you’ve already been a dummy, would changing your email help?
Discussion
If your email has been widely shared, it's likely already available on the dark web. The real security risk isn't just email exposure and spam—it's the common practice of reusing the same email-password combination across multiple services.
When a single service is breached (like a retailer or streaming platform), threat actors combine your exposed credentials with other leaked data, creating comprehensive profiles. One breach now compromises all accounts sharing those credentials.
Best practice is maintaining dedicated front-facing emails for official business (some sites don't allow alias emails), while using unique email aliases and high-entropy passwords for every other service. Services like SimpleLogin (included with Proton) allow you to easily generate a unique email alias for each individual account.
This compartmentalizes risk—if one service is compromised, others remain secure, and if an alias service fails, your primary email remains functional for critical communications. All of this can be stored in an open-source, independently security audited password manager that is either local on an air-gapped device (one that never connects to the Internet) like KeePass, or that uses cloud sync for greater convenience like Proton Pass/Bitwarden.
I use surfshark alt ID for my online logins!!! It provides me a email address and name and address. All those linked to my email address.
If any better one available shill me please 🙏
#Asknostr
So hard to make some people understand this risk.. Have had people (friends) complain when sites ask for (more than just letters) in their password.. "But I remember it, and use it everywhere!"..
High entropy email alias should be available on all email services.
I've been using long phrase passwords, 4 or 5 words long. How does that compaire to the high entropy number/letter/symbol passwords?
5+ words is generally better than 4, but it's not all about length; it's also about entropy, complexity, and not using common words that are used in Dictionary Attacks.
Truly random, high-entropy passphrases are a valid option to unlock your password manager, as they can easily be remembered if you create a mnemonic like an absurd story using the random words as a recall technique. They can also be valid for full-disk encryption on your laptop, or as a passphrase for an encryption key like PGP or SSH, etc. It is best practice to not reuse passphrases.
I recommend using KeePassXC to generate this high-entropy passphrase for most people, or if you follow the instructions to the letter, this is a very good offline method:
However, I highly recommend using high-entropy random passwords that include:
• Length (in characters)
• Use of uppercase and lowercase letters
• Use of numeric characters
• Use of special symbols
...for pretty much everything else.
Here is some good info on passphrases vs passwords:
"If you compare a passphrase to a truly random password, the password is the better, more secure option."
https://proton.me/blog/what-is-passphrase
Here is some more good info on password entropy, including the math used to calculate it:
https://proton.me/blog/what-is-password-entropy
While ProtonPass/Bitwarden will tell you if a password/passphrase is strong, KeePassXC shows you the entropy of your passwords in bits—both internally generated, or by pasting your current password into the password generator. I suggest using it as an easy way to check your exact password entropy.
You want an entropy score of at least 75 bits (72 is reasonably easy to crack).
