Don’t Reuse Email Addresses

by | Jun 23, 2020 | Uncategorized

You’ve Heard Of Password Managers, Now Email Address Managers

It is common knowledge that reusing passwords is bad. Enveloperty is introducing that reusing email addresses is worse. Not only is the email address half of what is used for logins. But it is not protected as well as passwords, and is used to contact users. Stopping the reuse of email addresses dramatically increases security for the user.

Point Of Contact-Phishing

90%+ of digital attack campaigns involve phishing. In fact, phishing is usually the first interaction the attacker has with the victim. Email address reuse is an enormous contributor to the ability of attackers to conduct phishing. Every time a database of credentials is breached, email addresses are exposed to phishing. These phishing opportunities are chances for attackers to claw their way into numerous organizations. Anyone who used the same address to register and work with, exposes the company to attack. With the popularity of work from home, it has never been easier for a personal computer to be used to infect an organization.

This vulnerability makes defending from phishing one of the most important and cost effective investments companies need to make. From your code repository, to sales information, to human resources databases, email/password logins are everywhere.

Half Of Login Credentials

For the vast majority of sites and services, the credentials to log in are an email address and password. The almost singular focus on protecting passwords has inadvertently created a single point of failure for logins. If everyone knows your logging in email address, they only need to get your password to compromise you.

However, if your email address is unique, then attackers can get your password, but only have half of what they need to compromise you.

Not As Defended As Passwords

The near singular focus on protecting passwords and not email addresses has created a dramatic lapse in securing email addresses. Your password is better protected than your email address. Yet they are both equally necessary for logging in. Since your email address is less protected, the odds of it being leaked are much greater. With the greater odds of it being leaked, you must therefore be ready to replace it much more.

Changing It Up

If there is one tactic that upsets hackers the most, it is variety. They love nothing more than plinking away on a static target that thinks it is invulnerable. Like a test with no time limit, they can put the time and effort into finding every answer through their web of resources and experimentation. But you compartmentalize so they can’t build momentum, and throw a time limit on top and they are in dire straits.

This is exactly what Enveloperty wants to do for email addresses. This is already common practice in passwords, Enveloperty created a technology to enable it for email addresses. If a user has unique addresses for all of their contacts and registrations, a lapse in security from one entity does not mean a breach for the rest. Unlike if email addresses are reused, in which case discovering the address from one site means knowing half the credentials for the rest of a victims registrations.

Furthermore, Enveloperty makes it incredibly easy to change the email address registered. So even if a set of credentials are compromised, a quick change and your credentials are secure again! The way hackers work, is one group steals the actual credentials. But that data is then sold to a different group to actually extract the money. Changing your address during this lengthy transaction period can save you from a breach!

We hope you will join us in our endeavor. For those of you who are already familiar with password managers, it’s the same literature with a little different implementation. There are volumes written on their importance for those who aren’t convinced. Often people think password managers are for consumers. But actually it is businesses who need them the most. Do get in touch for any reason!