Nearly every password you use to protect your accounts is paired with a username in order to log in – and most usernames these days are email addresses. In order to log into an account, you need to know both the username and the password. This link between usernames and passwords is riskier than you may think.
One reason password breaches result in so much damage is that when passwords are stolen, bad guys immediately check if the passwords stolen from Account A enable them to log into Account B. They often do because, unfortunately, many people reuse their passwords. That’s why we strongly advise that you never reuse passwords, either on Key Accounts (LINK) or unimportant accounts (LINK).
But there is another way to easily beef up the security of your online accounts: don’t use the same email address as your username all the time. If I know your password – or can guess it by trying 10,000 times until it’s cracked via brute force – but I don’t know your username then your account is still safe. But if I guess your password and know that your username is the same across multiple accounts, suddenly, I can try and get into way more accounts.
Of course, creating a new email account or username for every login seems like a huge hassle, and it would be. But that’s not necessary. If you use gmail, a little-known trick lets you customize your email-based username without needing to create a new email, letting you dramatically increase your privacy and security.
A gmail extra: +Security
The trick is this; you can add “+something” to the end of the first part of your gmail or Google apps email address (before the @gmail or @youraccount), and any email sent to that address will land on your original email address. .
For example, if your email address is firstname.lastname@example.org, and you’re creating a new bank account login, you can enter and use the email address email@example.com,firstname.lastname@example.org, or email@example.com and any email sent to any of those addresses will be delivered perfectly into your firstname.lastname@example.org account.
But if you use one of those “+something” email addresses as your user name, the account will not accept the non “+” version of the email as a valid username. It’s an easy way to keep your usernames different without overcomplicating your email life.
An added security benefit? Email leak intel
Not only does this trick significantly increase the security on your accounts, it also helps you know when one of your accounts has shared or sold your email address.If you start receiving other email addressed to the “+bank” or “+money” email address that didn’t come from the account where you registered that email address, you’ll know they shared your email with another company or they may be part of a breach.
Keep your accounts safe
Switching up your account usernames with the “+something” gmail trick is a smart and painless way to secure your accounts. We recommend you use this tactic in addition to strong passwords, a password manager, and two-factor authentication on your accounts. Together, these methods can help make sure you never have the losses or hassles associated with account breaches or take-overs.