In this chapter you found out how to create a secure password, and this chapter dwells on how to securely enter it, however we haven’t yet told you about login protection. Below you will find out about the steps to strengthening your login.

Many users make a big mistake by using one email as their login for all websites. It’s not that bad if you created a separate email for this purpose, but there is a big chance you can get into trouble if you use your personal or corporate email.

Some users use a unique email for every site. Although it does ensure a high level of security, it is also incredibly time-consuming, and it would be wrong to recommend users that they follow through on this security practice.

If you use a password manager, you don’t have to remember login and you can just use a random series of letters and numbers for  your login. However in reality, many websites ask you to use an email or at least give an option to restore access to your account using email.

 In this case after accessing your email account, a perpetrator will be able to restore access to your other accounts for which you used this email for login. This doesn’t necessarily have to occur because of your own oversight, your email client could have issues with security like it happened to Yahoo.

 Keeping in mind this threat, we are ready to offer you a simple and effective solution. First, create a separate email for registration of your accounts. We recommend you use the service Protonmail. Then we’ll show you how to take advantage of the symbol ignoring loophole.

Let me show you an example. Here are two emails: [email protected] and [email protected]. If I send an email to the first recipient, will the owner of the second email be able to read it?

In reality, no matter what email address I send my letter to, the user the address [email protected] will be the recipient. Google, Yandex and Prontonmail ignore all the symbols after the sign + and before the sign @. But if you enter these addresses on websites as your login, the overwhelming majority of sites will see them as different emails.

Suppose, you register on the website example.com and use the first 4 symbols of the website for creating your login. Upon registration you enter your email [email protected]. The email will be sent to [email protected], of course, you instantly delete it as it can contain the real login you shouldn’t be that careless about.

If a hacker hacks your email account and attempts to log in using [email protected] on the website example.com, he will get a message that there is no account registered with such email. Even if a hacker obtains your email, to recover the password, he will need to enter the login you used when registering on the website. Since you know how an email is generated, you can easily enter the right login even if you haven’t written it down somewhere.

We recommend you change the emails (logins) on all the websites you use, keeping in mind the information revealed in this chapter.