One-off email addresses - the best defence against hacking?

Adam Turner

Hacking into your accounts is much easier if they all use the same email address as the login.

iPhone hackers will struggle to find you if they don't even know your iCloud login.

There's still plenty of speculation as to exactly how hackers managed to break into Apple's iCloud accounts, remotely lock iGadgets and then demand a ransom for their release. It looks likely that the hackers got their hands on a list of email addresses and passwords from another online service, perhaps from the recent eBay hack, and simply tried their luck by typing the same details into iCloud.

Considering that people have a bad habit of using the same password for different online accounts, you'd expect such a plan to have a high success rate. This kind of scenario is exactly why it's such a terrible idea to reuse passwords, yet people continue to do it.

Whether or not this is how hackers snuck into iCloud is uncertain, but what is certain is that once someone uncovers one of your passwords they'll try it everywhere else. These days most services ask for your email address as your login, which means you end up using the same login for most services. This means hackers already have the first piece of the puzzle.

You might think two-factor authentication alone is enough to keep you safe. It's certainly worth enabling wherever possible, but it's not completely foolproof. Just knowing that your email address is your login can be enough for some to launch a social engineering hack, such as ringing a support call centre and trying to bluff their way in while bypassing the two-factor checks.

Bluffing or hacking your way into an iCloud account – or any other online account – is a lot harder if you've used a one-off email address as your login. Many email services let you create free aliases which forward to your primary email address, so you can create bob+icloud@example.com and bob+amazon@example.com which both forward to your bob@example.com inbox. If you have your own domain name, you might even go with icloud@mydomain.com and amazon@mydomain.com.

At this point no amount of technical know-how or social engineering trickery is going to get someone into your iCloud account if they're starting with your real email address, because that account simply doesn't exist. The trick is to never use those alias email addresses for anything else, so there's no possible way that spammers and hackers could know about them. If you do start to receive email to those aliases, such as spam or phishing attacks, then you know that the service has either been hacked or is selling your email address to marketers.

Remembering all those extra email addresses might seem like a hassle, but not if you're already using a password manager such as 1Password, LastPass or Dashlane. To make things easier you might follow a pattern – although perhaps more complicated than bob+icloud@example.com to make it harder for someone to guess your other email addresses if they discover one.
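One way to build such a harder-to-guess pattern, as an added example that is not from the original article: each alias tag is derived from the service name with a keyed hash, so discovering one alias reveals nothing about the others, and mail arriving at an alias can be traced back to the service it was given to. The function names, the HMAC scheme, the sample secret and the service list are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample values: keep the real secret in your password manager.
SAMPLE_SECRET = b"constructed-demo-secret-not-for-real-use"
SERVICES = ["icloud", "amazon", "ebay"]


def alias_for(service, secret, mailbox="bob", domain="example.com", tag_len=10):
    """Derive the one-off login address for a service.

    The tag is a truncated HMAC-SHA256 of the service name, so it is
    repeatable for the owner of the secret but does not contain the
    service name and cannot be predicted from another alias.
    """
    digest = hmac.new(secret, service.strip().lower().encode(), hashlib.sha256).digest()
    # Base32 yields only a-z and 2-7, all valid in an email local part.
    tag = base64.b32encode(digest).decode().lower()[:tag_len]
    return f"{mailbox}+{tag}@{domain}"


def attribute(recipient, services, secret, **alias_options):
    """Return the service whose alias received this mail, or None.

    A match on unsolicited mail means that service leaked or sold the
    address; None means the address was never one of our aliases.
    """
    recipient = recipient.strip().lower()
    for service in services:
        if alias_for(service, secret, **alias_options) == recipient:
            return service
    return None


if __name__ == "__main__":
    for name in SERVICES:
        print(f"{name:8} -> {alias_for(name, SAMPLE_SECRET)}")
    leaked = alias_for("ebay", SAMPLE_SECRET)
    print("spam sent to", leaked, "was leaked by", attribute(leaked, SERVICES, SAMPLE_SECRET))
    print("guess bob+amazon@example.com ->",
          attribute("bob+amazon@example.com", SERVICES, SAMPLE_SECRET))
```

Because the tags are recomputed from the secret, only the secret and the list of services need to be stored.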

There's no 100 per cent foolproof way to guard against hackers, but using one-off email addresses and strong unique passwords, combined with two-factor authentication where possible, makes you much less vulnerable to attack. What are your tricks for keeping hackers at bay?

Read more posts from Adam Turner's Gadgets on the Go blog.

10 comments so far

  • Unless the email address you use is random then I think hackers are intelligent enough to work out that if your facebook login address is myname+facebook@gmail.com or facebook@mydomain.com then your twitter account will likely be myname+twitter@gmail.com or twitter@mydomain.com.

    It would slightly reduce the automated attack chance, but not a great deal. If you're using a password manager, then it might be worth making it completely random (eg. myname+fb424978344@gmail.com).

    Commenter
    AndrewJ
    Date and time
    May 30, 2014, 9:45AM
    • Best defense? Grab an iBrain and by a proper PC.

      Commenter
      Patrickb
      Date and time
      May 30, 2014, 9:48AM
      • By an iSpellchecker or join the defense force, Patrickb. Never seen a PC harmed by a security issue then?

        Commenter
        macsmademe
        Location
        mountains high
        Date and time
        May 30, 2014, 1:58PM
      • Sure you meant 'BUY' not 'BY', but you can't honestly believe buying a PC (I'll assume you meant a Windows machine) is safer... You're simply opening yourself up to real hacking where your entire operating system is more likely to be compromised. There are countless loopholes and vulnerabilities for Windows's machines waiting for un-tech savvy users to trip up. Not saying that Mac OS X systems are totally un-hackable, but the likelihood is substantially lower.

        Commenter
        Patrickb's Sarcasm
        Date and time
        May 30, 2014, 2:02PM
      • Does your real PC have spell and grammar check? It seems your iBrain is unsure on the correct version of buy to use when talking about purchasing something.

        Commenter
        Peter
        Date and time
        May 30, 2014, 2:39PM
      • Does that come with its own spellcheck or understanding of the issues involved?

        Commenter
        dave
        Date and time
        May 30, 2014, 3:04PM
      • Seriously? It wasn't that long ago you could get infected by Nimda or CodeRed just by connecting your PC to the internet.. you didn't even have to do anything.

        Having a PC doesn't help you avoid anything.. I suppose getting a security hardened Linux PC might help, but that isn't an option most newbs would understand.

        A Chromebook is likely your best newb option because everything is sandboxed and it's completely self updating, and very easy to use and cheap. But again, not for everyone.

        Commenter
        MeZ
        Location
        Perth
        Date and time
        May 30, 2014, 6:31PM
      • Not an iPhone or Mac user, but your comment is unfair, because I think the point of this article is about the choice and decisions to online login details. So it applies to any computers or OSes or even smartphones of any brand.

        In this incident it is targeting iPhone users because their user base is becoming profitable.

        Commenter
        Gerson
        Location
        Sydney
        Date and time
        May 31, 2014, 8:49AM
      • Spellin aint fa me coz I got a propa PC ?

        Commenter
        Reg
        Date and time
        June 01, 2014, 2:11AM
      • *buy

        Commenter
        Derwan
        Date and time
        June 01, 2014, 8:43PM
