Email Security Guide for 2021


Because of the many data breaches, not only passwords are being collected but email addresses too. Email addresses are profitable for hackers and companies alike. Hackers use your email addresses to take control of your online accounts. Companies use them to sell you things by sending out spam. So what can you do to protect yourself? The simplest thing to do is protect your email by segmenting your accounts.

So how can you do this? The easiest way is to create a different email address for every account you have. However, creating an email address for every online account is time-consuming and not very practical, because on average people have about 100 online accounts. They range from banks, to social, to shopping. The best way is to create three email accounts and use email aliases to create other email addresses for everything else.

Your current email addresses should be considered compromised and should no longer be used for anything sensitive. The first thing you should do is create a brand new email address that you will only use for family and really close friends. Also, do not use any services from Yahoo, Microsoft, Google, or other big tech companies. Instead use a service from ProtonMail (free or paid), Mailbox.org (paid only), Tutanota (free or paid), or even buy a domain name with email hosting. You can look at more options here https://www.privacytools.io/providers/email/.

Next, list every online account you have. These include banking accounts, all social media accounts (Facebook, Twitter, TikTok, Reddit), school accounts, work accounts, shopping (Amazon, Walmart, grocery), professional accounts (LinkedIn, Monster, CareerBuilder, Indeed), and entertainment (Hulu, YouTube, Disney+, Netflix).

Now that you have your list of accounts, put them into groups: Personal, Social, Financial, Shopping, and Entertainment. Your list might look something like this:

Personal:
Personal email
Dropbox
Apple
Sync

Social:
Facebook
Twitter
Reddit
Instagram
TikTok

Financial:
Bank
Coinbase
Retirement
PayPal

Shopping:
Amazon
Walmart
Doordash
Uber Eats

Entertainment:
Disney+
Netflix
Twitch
Spotify

Professional:
LinkedIn
Indeed

First, you will create three email addresses: first.last@protonmail.com, alias@tutanota.com, professional@gmail.com. Note you can use whatever service you want, and name them whatever you want, but I am using these for the purpose of this example. The first email address will be your personal email that will only be given to your family and close personal friends. The second email will be used to collect the alias emails in the next step. The last will be used for untrusted sites.

Next, you will create an account with an email cloaking service like AnonAddy (https://anonaddy.com) or SimpleLogin (https://simplelogin.io/). Now you will take your grouped accounts and make an alias for each group, with the exception of the social group. Your list might look something like this:

Financial: financial@johndoe.anonaddy.com

Shopping: shopping@johndoe.anonaddy.com (to add an extra layer of security, you could make an alias for each of your shopping accounts, like amazon@johndoe.anonaddy.com, walmart@johndoe.anonaddy.com, etc.)

Entertainment: entertainment@johndoe.anonaddy.com

All of these emails will be forwarded to alias@tutanota.com. It is important to make these aliases as generic as possible so that it will be harder for someone to connect the dots and track you across multiple accounts. With the social media group, you will create an alias for each social media account you have. Your list may look something like this:

Facebook: facebook@johndoe.anonaddy.com

Twitch: twitch@johndoe.anonaddy.com

TikTok: tiktok@johndoe.anonaddy.com

Note: You might have to use multiple email cloaking services or pay for the premium plans, depending on the limits of the free plans.

Finally, if you are searching for a job or your work requires you to give them an email address, you will use your professional email address. The reason you will not want to use an email cloaking service here is that using one might make you look untrustworthy. I recommend using a Gmail account because a lot of businesses use Google products to do their searches. This will allow you to still appear professional and control what data is out there on you.

The most important part of this plan is to make sure that you do not use your personal email address for anything other than emailing family and close friends, that you keep up with your groupings and keep them separated, and that every account has a unique, strong, randomly generated password.

If you come across a situation where you need temporary access to part of a website, or need to create an account for one-time access, use a temporary email. There are many different services, like EmailOnDeck (https://www.emailondeck.com/), 10minutemail (https://10minutemail.com/), or TempMail (https://temp-mail.org/). For more options, search for "temporary email services". Note that some sites block the use of these emails, but you can either create a new email for this situation (onetime@gmail.com) or create an alias (onetime@notjohndoe.anonaddy.com) and point it to your already compromised but abandoned email.

To keep your accounts secure, I recommend using a password manager like Bitwarden (https://bitwarden.com/), KeePass (https://keepass.info/), or Dashlane (https://www.dashlane.com). The password manager will not only store your passwords in a secure password vault, but will also generate secure passwords for you. So each account will have its own secure password that you don't have to remember. Note: do not use ANY browser built-in password manager. The reason security experts recommend you use a dedicated password manager comes down to focus. Web browsers have other priorities that haven't left much time for improving their password manager. For instance, most of them won't generate strong passwords for you, leaving you right back at "123456." Dedicated password managers have a singular goal and have been adding helpful features for years now. Ideally, this leads to better security. (https://www.wired.com/story/best-password-managers/)
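The rules of this plan (personal address only in the Personal group, no alias shared between groups, one alias per social media account, a unique password per account) can be checked mechanically against a list of your accounts. The Python sketch below is an added example, not part of the original guide; the CSV column names and all sample rows are constructed for illustration and do not reflect any password manager's real export format.

```python
import csv
import io
from collections import defaultdict

PERSONAL_EMAIL = "first.last@protonmail.com"  # the guide's example personal address

# Constructed sample data. The column names are assumptions for this example,
# not the export format of any particular password manager.
SAMPLE_EXPORT = """name,group,email,password
Dropbox,Personal,first.last@protonmail.com,constructed-pw-01
Bank,Financial,financial@johndoe.anonaddy.com,constructed-pw-02
PayPal,Financial,financial@johndoe.anonaddy.com,constructed-pw-03
Amazon,Shopping,shopping@johndoe.anonaddy.com,constructed-pw-04
Netflix,Entertainment,shopping@johndoe.anonaddy.com,constructed-pw-05
Facebook,Social,facebook@johndoe.anonaddy.com,constructed-pw-06
Twitter,Social,facebook@johndoe.anonaddy.com,constructed-pw-06
Spotify,Entertainment,first.last@protonmail.com,constructed-pw-07
"""

def audit(export_text, personal=PERSONAL_EMAIL):
    """Return (rule, subject) findings; passwords are compared, never reported."""
    findings = []
    groups_by_email = defaultdict(set)
    social_by_email = defaultdict(list)
    names_by_password = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        email = row["email"].strip().lower()
        groups_by_email[email].add(row["group"])
        names_by_password[row["password"]].append(row["name"])
        if row["group"] == "Social":
            social_by_email[email].append(row["name"])
        # Rule 1: the personal address is only for the Personal group.
        if email == personal and row["group"] != "Personal":
            findings.append(("personal-email-leak", row["name"]))
    # Rule 2: an alias must not link accounts from different groups.
    for email, groups in sorted(groups_by_email.items()):
        if email != personal and len(groups) > 1:
            findings.append(("alias-crosses-groups", email))
    # Rule 3: every social media account gets its own alias.
    for email, names in sorted(social_by_email.items()):
        if len(names) > 1:
            findings.append(("social-alias-shared", email))
    # Rule 4: every account has a unique password.
    for names in names_by_password.values():
        if len(names) > 1:
            findings.append(("password-reused", ",".join(sorted(names))))
    return findings

if __name__ == "__main__":
    for rule, subject in audit(SAMPLE_EXPORT):
        print(f"{rule}: {subject}")
```

Run it on a local copy of your own account list and delete that file afterwards, since it contains every password in plain text.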

To add an extra layer of security against trackers, I suggest practicing what is known as data segmentation. You will use three different web browsers: Chrome, Brave, and Firefox.

All of your Google-related accounts will only be used in Chrome. This includes watching YouTube, checking Gmail, accessing Google Drive, etc. If you use any Google products, they already track you, so you might as well keep it all in the Chrome browser.

All research, shopping, or other untrusted (but legal) web activities will be done in the Brave browser. Brave has many anti-tracking and ad-blocking tools that will reduce the amount of tracking done. Note: make sure that you do not participate in the Brave Rewards program.

All the other activities that are in your email groups (Personal, Social, Financial, Shopping, Entertainment) will be done in Firefox using Multi-Account Containers and some tweaks to Firefox found here: https://www.privacytools.io/browsers/#about_config. You will create, at a minimum, the following containers for Firefox: Personal, Work, Financial, Shopping Research, Entertainment, Social, Facebook, and Banking. Note: the Shopping Research container will only be used to search for things you may want to buy; you then use Brave to actually buy them. You can add as many other containers as you wish to further segment your accounts, but remember that you have to stick with the system, so don't make it too complicated. Then set up the Multi-Account Containers tool to always open each site in its designated container. For example, your bank's website should always open in the Banking container and Amazon should always open in the Shopping Research container.

As long as you keep everything separated and create a simple system, you will increase your security and privacy online. The hardest part is sticking to the system and not accidentally using an email from one group, or an account from one container, with another.

As always, keep an eye out for more guides and updates as things always change!