Access to your emails means access to your messages. If I see you get a lot of Amazon email, I can reasonably assume you have an Amazon account.
Yes, you can assume EVERYONE has a Google, Amazon, Facebook, or Reddit account, right?
But this is why I use different email addresses. You’d never be able to use one of my email address across services, so not having the ability to secure my own accounts makes no sense.
But I will say that having strong email security pretty much eliminates this hypothetical risk.
Most services send you emails at least on registration.
Delete those. Why keep them?
Nope. Because I have your email account. And the usual method for resetting a password is via an email sent to your email account. That I’ve already compromised.
2FA prevents this.
I should be able to mitigate a website’s weak security practices by being able to modify all aspects of my account.
That last part is a pretty big asterisk. Sites that offer it are in the minority still. That also assumes your 2FA method isn’t email.
I agree, and while I think that plenty of websites still have a long way to go, let the user do what they can to further secure their account… by rotating email addresses easily.
You do realise the average person will never do this, right?
They should. I don’t think security-minded folks should have to suffer because other people don’t care or don’t know.
Plus, there are more services that offer very easy, one-click options for generating new email addresses per account. Anyone who cares enough would already know.
Yes, you can assume EVERYONE has a Google, Amazon, Facebook, or Reddit account, right?
But this is why I use different email addresses. You’d never be able to use one of my email address across services, so not having the ability to secure my own accounts makes no sense.
But I will say that having strong email security pretty much eliminates this hypothetical risk.
Delete those. Why keep them?
2FA prevents this.
I should be able to mitigate a website’s weak security practices by being able to modify all aspects of my account.
I agree, and while I think that plenty of websites still have a long way to go, let the user do what they can to further secure their account… by rotating email addresses easily.
They should. I don’t think security-minded folks should have to suffer because other people don’t care or don’t know.
Plus, there are more services that offer very easy, one-click options for generating new email addresses per account. Anyone who cares enough would already know.