Security e-mail advise?

Moderators: admin, azitnay, anatoly_LP, chantieLP, JoeSiegrist, robyn

Security e-mail advise?

Postby XIII » Thu Aug 09, 2012 3:37 am

After having read the now probably famous Apple/Amazon "hack" of Mat Honan's accounts on Wired I wonder on best practices for security e-mail and recovery e-mail addresses.

http://www.wired.com/gadgetlab/2012/08/ ... n-hacking/

Should I use a separate security/recovery e-mail address for each major service? (LastPass, Google, Microsoft Live, ...) On which other service?

What do you advise? What's your setup like?
XIII
 
Posts: 388
Joined: Fri Oct 16, 2009 6:18 pm

Re: Security e-mail advise?

Postby Lars » Thu Aug 09, 2012 10:34 am

I can't remember who said it, may have been Mr. Bruce Schneier, that you should never re-use email addresses for security purposes, in this case as your security/recovery email address.
I have a couple of dedicated security/recovery email addresses, on my own domain, making it fairly easy to manage.
Lars
 
Posts: 2577
Joined: Wed Jul 14, 2010 10:48 pm
Location: So Cal

Re: Security e-mail advise?

Postby XIII » Thu Aug 09, 2012 10:46 am

Lars Wrote:I have a couple of dedicated security/recovery email addresses, on my own domain, making it fairly easy to manage.

I was thinking of that option as well.

Do you host that mail yourself, or do you forward it to other services (and which)?
XIII
 
Posts: 388
Joined: Fri Oct 16, 2009 6:18 pm

Re: Security e-mail advise?

Postby Lars » Thu Aug 09, 2012 10:54 am

I host a couple of domains, and one is only for security email address'. It cost me some $10/year and is easily setup. I don't forward the mail, but I know when I use the security option, and then I just go check them via my hosting company.

I was thinking about setting up another domain, something like 3WDv7xFe3ts6kA56.com - thus preventing perps from guessing my email address.
Lars
 
Posts: 2577
Joined: Wed Jul 14, 2010 10:48 pm
Location: So Cal

Re: Security e-mail advise?

Postby jonat » Thu Aug 09, 2012 11:32 am

You don't need to pick an unguessable domain, just a username. It should be, as Lars suggests, a domain you don't otherwise use normally. Of course, it needs to be one you can get at online and for which YOU remember the password.
jonat
 
Posts: 2199
Joined: Thu Dec 09, 2010 8:42 pm


Return to Off Topic

Who is online

Users browsing this forum: No registered users and 3 guests