DEV Community

Cover image for Signing up to online services with unique credentials
Rogerio Taques
Rogerio Taques

Posted on

Signing up to online services with unique credentials

Hey! πŸ‘‹

I'm pretty sure that you have already heard (at least once at this point) about online services that were hacked and got their (users) data stolen and sold online, right?

If not, no worries, you definitely can see a (huge) list of hacked services right here: https://haveibeenpwned.com/PwnedWebsites. πŸ‘ˆ

With over 10 trillion records in a bit more than 400 identified hacked websites (as for Aug 5th, 2020), chances are you'll be able to find (at least one) of your email addresses within one of those data-breaches!

Damn, I found mine in 9 of them! 😑

Right! An what now, you might be asking! How to (try to) prevent such a thing?

Well, I'd say that one of the best approaches I've ever found is to use credentials with a unique combination of emails and passwords for every single service out there, without repeating.

Sadly I only figured this out once my emails were already leaked! 😟

Indeed, this alone will not prevent the service provider to be hacked, nor the stolen data to be sold online, however, it'll help minimize the impact over any other service you use, reducing the risk of having your other accounts pwned by the same credentials reused here and there.

So, considering that the human being is known to be terrible at creating completely random passwords (because of our memory limitations), how would we create and (most importantly) manage all those unique combinations of unique emails and passwords?

Here's where password managers come to rescue us all!

There's plenty of password managers options in the market, both free, open-source, and paid solutions, and I'm pretty sure you'll be able to find one that suits your need.

I've been using 1Password for over a year now and am truly happy, even though its paid version has been a bit more expensive than some of its competitors in the market.

The password manager helps us to create truly random and secure passwords using a strong combination of alphanumeric characters and special symbols, and also link those with the services they were created for. Great, right?

Right. However, most of the time you're gonna be using random (and strong) passwords associated with a single email address, or a very small range of different addresses. That alone is already very useful, but what if you want to create a unique combination of email addresses and passwords for every single service you sign up?

Here's where Mail Shield comes to rescue us all 🀩 (Spoiler, I've created Mail Shield).

Mail Shield is a micro-service that creates random and unique aliases for Gmail accounts with a single click. Every alias can be used out there replacing the "real" Gmail address when signing up to online services or contact forms.

Every message sent to an alias will be delivered to the original Gmail inbox and people using the complete (premium) pack from Mail Shield, can have an unlimited number of different aliases, all of them "magically" delivering messages to a single inbox.

This is very handy when it comes to protecting your real email address and/ or creating a truly unique credential for every single online service you may subscribe to.

An alias (or shield as I'm used to calling it) can be paused or deleted at any time, blocking any received message to reach the user's inbox. Also, it's possible to block a specific sender, preventing annoying messages while keeping the shield working. 🀘

Now, talking again about the 10 trillion accounts leaked from online services, you can significantly reduce the risk of been pwned using Mail Shield with a password manager (again, 1Password was my choice).

When you get notified that one of the services you use got hacked and had their database leaked, you can easily update your account for that service with a completely new (and unpredictable) credential, using a unique and random shield and a secure automatically generated password!

Cool, isn't it? πŸ™Œ

By the way, if you choose to go with the complete (premium) pack from Mail Shield, it'll watch your registered email and all your shields for data-breaches, notifying you always one of them is found into datasets available on the web, so you can act quickly. πŸ˜‰

Hope this can help you to improve your online privacy!

Cheers! 🍻

Latest comments (0)