For security and privacy online, do you really need more than one email account?
Some experts say having more than one can better safeguard your personal and financial information from sticky-fingered cybercriminals. You might have separate accounts for financial matters, family and friends, online shopping, newsletter subscriptions, and so on.
If you’re an online dater, add a separate email that can’t be traced to a primary email account in case your digital suitor turns out to be a stalker, says Tony Anscombe, chief security evangelist for the cybersecurity firm ESET. If things sour, he says, you can just delete the discrete account, and disappear.
Gmail is the highly popular, free email service from Google. A company spokesperson told AARP that while secondary email accounts have some benefits — such as helping people stay organized and protecting their privacy — they aren’t necessary.
“The most impactful thing users can do to protect their security online is to not reuse passwords, and enable two-step verification for their accounts,” the spokesperson added.
Some security pros agree that one email is adequate, but urge users to follow key safeguards.
- Use multi-factor authentication, which may include biometrics, to sign onto your account — or as Google suggested, two-step verification that may require you to enter a one-time authentication code sent by text or email in addition to your password. (Sometimes this is required only when signing on from an unrecognized computer device.)
- Have a strong, unique password to access your email account, and never use an identical password anyplace else. Remember to periodically change your passwords.
- Use a different sign-on name— not your email address — when you visit websites to browse, shop or pay bills, for example.
- Delete sketchy emails without opening them, and refuse to click links or open attachments within them.
Love it or hate it, email prevails
Though there are many ways to talk to others online, including instant messages, social media and chat apps, email remains an integral part of online life, say researchers at Statista, which found that in 2020 the world’s 4 billion email users sent and received about 306 billion emails every day.
But if one person sets up too many email accounts, it adds complexity that may increase the risk of victimization, cautions Christopher Budd of the cybersecurity firm Avast. He likens a person with too many accounts to a homeowner who has a $20,000 security system but doesn’t know how to use it. The costly bells and whistles are not “going to protect you as well as a good deadbolt lock that you had installed and know how to operate,” says Budd, Avast’s senior global threat communications manager.
If people feel they can handle multiple accounts safely, they should consider that, Budd says. “But if, instead of one account that’s well-protected — say with two-factor or multi-factor authentication — they have four or five accounts, all with poor security, that’s a net loss.”
At the Identity Theft Resource Center, a national nonprofit in San Diego, president and CEO Eva Velasquez notes that cybersecurity is not one-size-fits-all. “If you’re tech-savvy and you have the skills and the ability to manage multiple email accounts appropriately, then that’s the best practice,” she says.
Consumers with more than one email account should keep financial matters in a separate account and may want to use this account when checking out their Social Security account, Velasquez says.
Having separate email accounts may seem smart at a time when data breaches are common, but Velasquez says juggling multiple accounts may be too much trouble for some. She urges them to ratchet up cybersecurity on their primary email account, so they don’t become the “low hanging fruit” that identity thieves devour.
Need another email account?
• Use the free service you’re now using, or another one, to set it up. You’ll want to use a very different email name for yourself — and one that doesn't reveal personal information — so if one email account is compromised, a cybercriminal can’t guess the other. Importantly, use a different password and enable two-factor or multi-factor authentication on additional email accounts when possible.
Hide My Email generates unique, random email addresses from an iPhone, iPad or Mac that has the most current operating system installed. The emails automatically forward to a personal inbox affiliated with your Apple account. You can create as many extra emails as you want and keep them until you deactivate them. Providing you stay in the same email thread, the email recipient won’t see your primary email account.
Even small steps help
More pro tips:
1. Take pains to keep your email address private; share it only with those who need it. You might want to route nonessential senders to an email account set up for junk.
2. Limit the incoming communications for which you sign up, since a less cluttered inbox will make it easier to detect sketchy emails — which you should ignore, delete and consider flagging to your email provider.
3. If you receive a suspicious, unsolicited email, don’t hit “unsubscribe,” since you could signal a bad actor that the email used to respond is valid and active, Anscombe says.
4. Be careful what you share with merchants. If asked for your birthday to receive a gift or discount, pick a random date, Velasquez says.
5. Never share an authentication code sent to you. It’s only for your use, but cybercrooks will invent excuses to wrest it from you, she warns.
6. Use antivirus security software and perform security updates as required.
7. When visiting a website, look for the lock next to the domain name displayed by your browser, Budd says. It’s like a website’s driver’s license. Click on the lock to ensure the site is what it says it is. If, say, you want to visit macys.com, don’t make a purchase if what’s behind the lock says something unusual, such as firstname.lastname@example.org.
8. When online shopping, consider checking out as a guest, and think twice about having a vendor store your payment information. Anscombe at ESET never lets a merchant store his credit card information. “I type it in — it’s a 16-digit number,” he says. “Don’t leave your data laying all over the internet, because that’s in fact what you’re doing.”
9. Ask for help from a trusted person or entity if cybersecurity measures are a challenge. And if doing it all seems overwhelming, Velasquez urges taking baby steps, since “even if you make small changes, you are making a difference.”
Katherine Skiba covers scams and fraud for AARP. Previously she was a reporter with the Chicago Tribune, U.S. News & World Report, and the Milwaukee Journal Sentinel. She was a recipient of Harvard University's Nieman Fellowship and is the author of the book, Sister in the Band of Brothers: Embedded with the 101st Airborne in Iraq.