Click here to visit Original posting
When it comes to cybersecurity, most people think that creating strong, unique passwords is enough. A password gives access to a single account, or potentially several if you re-use passwords, which can make you vulnerable to attacks. But your email address is actually more valuable than your passwords. It's basically your digital passport. You wouldn't share your passport details every time you speak to someone or make a purchase in real life, so why would you share your digital passport everywhere online? If it falls into the wrong hands, the stakes are extremely high.
In 2024, the global average cost of a business data breach was $4.88 million. Identity fraud is on the rise and data breaches occur regularly, so we need to start protecting our email addresses to protect ourselves online.
The risk of using one email address
Your email address isn't just for communication, it's your digital identity. It's an incredibly valuable piece of personal information that can be used, sold and abused by companies, governments and scammers. Thanks to this data, spammers have been able to personalize phishing emails well enough to avoid sophisticated spam detection by Google and Microsoft.
When you give your email address to sign up to public WiFi, or to create a new account, that single piece of information can be used to create a detailed profile about you. It's attached to everything you do online, from online shopping to banking, from posting on forums to contacting healthcare professionals. By themselves, individual accounts contain some sensitive information about you, but your email address connects them all. In the hands of a bad actor, it's the key to a gold mine of personal data.
If, like most people, you only use one email address for all your online accounts, you're creating a huge potential risk. If you only use one email address for all your accounts, you will also find it harder to change it if (or when) it's exposed in a breach.
So many of your accounts will be associated with this email address that even if you realize that you've been affected by a data breach, it's not easy to fix. It means updating your account details on potentially hundreds of websites, a labor-intensive task that most people aren't willing to take on. This gargantuan task is reflected in our recent survey: 66% of Brits said they’d rather lose their passport than their email address.
What happens when your email address – your digital passport – is exposed?
If your email address is published online, you become a target for bad actors online. The two main ways that this can happen are through data breaches and data brokers.
Data breaches occur when businesses fall prey to cyberattacks or even just through mistakes, such as Ticketmaster, Microsoft, and Google experienced in 2024. Hackers downloaded and published troves of information, with more than 1 billion records being stolen. If hackers acquire your email address, they can target you with phishing scams, sending emails to convince you to give away sensitive information to help them to access your accounts.
Your email address can also be uncovered by data brokers. Data brokers trade in personal information as a commodity, selling it for marketing and advertising purposes. They combine data points such as your internet history, public records, and purchases. This data is incredibly easy to find online because it's all connected to your email address, and with enough of it, data brokers can sell a detailed profile of you to businesses for a profit. If you're affected, you'll likely find your inbox bombarded with spam from marketers and potentially scammers. You might also find hackers using your data to guess your passwords, access your accounts, and lock you out. Even governments can purchase this data to spy on their citizens using warrantless surveillance.
Anyone can fall victim to data scraping and breaches. Proton's recent study looked into politicians that had fallen victim to data breaches. 68% of MPs in the UK had their details compromised on the dark web – a national security issue waiting to happen.
A lesser-known solution – hiding your email address
The best way of protecting yourself online is not sharing any information in the first place – what companies don't have can't be used against you. But that's not realistic. So the best way to protect your real identity is to hide your digital identity.
Email aliases let you hide your identity from online services. An alias is a randomly generated email address that you can share with online service providers to mask your real email address, shielding it while still letting you receive emails. Despite being easy to create and manage, they're still underutilized.
For example, you can create an alias such as newsletters.perplexed753@passmail.net – a specific alias for receiving a newsletter. Without any identifying information, such as your name, it can't be traced back to you. Even if that business is breached, your personal identity won't be affected. You can create a unique alias for each account, covering your tracks online and protecting your privacy.
Without your email address, data brokers and scammers can't create an online profile for you. Your alias is only tied to one account, and since it doesn't contain any identifiable information, it reduces the amount of information you share online.
If one of your aliases is compromised in a data breach or begins receiving spam emails, you can simply deactivate it. Only one of your accounts is affected and you can create a different alias for that service. The inconvenience and risk associated with your real email address being leaked is eliminated. You can create as many aliases as you like to make sure that any risk is spread across multiple disposable addresses. Instead of a huge task to reset your email address, it becomes a thirty second fix.
Email aliases don't just allow you to receive emails — but send them too. If you want to create an account on a forum but don't want to use your personal email address, your aliases help you communicate with total privacy. You can create email aliases to help you manage a small business using your business domain or even just organize your inbox.
Email aliases are an easy, low-effort tool to combat cybercrime and protect our personal data. As navigating the internet becomes more risky, we need to rethink the way we freely give our personal email addresses to every online service provider. Instead, we should approach sharing your personal email address the same way as sharing your passport — with great caution. This shift in mindset will make it harder for bad actors to flourish online and help you take control of your privacy.
We've featured the best secure email provider.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those: https://www.techradar.com/news/submit-your-story-to-techradar-pro