Skip to content
 

​Can Multiple Email Addresses Protect You From Cyber Thieves?

​Security experts explain how to stay safe online whether you have one account or a hundred

Closeup of a man hand holding cellphone with internet browser on screen. Man with spectacles relaxing sitting on couch while looking at mobile phone. Closeup of man using a smartphone to checking email at home.

Ridofranz/Getty Images

En español

For security and privacy online, do you really need more than one email account?

Some experts say having more than one can better safeguard your personal and financial information from sticky-fingered cybercriminals. You might have separate accounts for financial matters, family and friends, online shopping, newsletter subscriptions, and so on.

If you’re an online dater, add a separate email that can’t be traced to a primary email account in case your digital suitor turns out to be a stalker, says Tony Anscombe, chief security evangelist for the cybersecurity firm ESET. If things sour, he says, you can just delete the discrete account, and disappear.

"Even if you only have two (email) addresses, separate your finances and put everything else in the other address."

— Tony Anscombe of ESET

Gmail is the highly popular, free email service from Google. A company spokesperson told AARP that while secondary email accounts have some benefits — such as helping people stay organized and protecting their privacy — they aren’t necessary.

“The most impactful thing users can do to protect their security online is to not reuse passwords, and enable two-step verification for their accounts,” the spokesperson added.

Some security pros agree that one email is adequate, but urge users to follow key safeguards.

  • Use multi-factor authentication, which may include biometrics, to sign onto your account — or as Google suggested, two-step verification that may require you to enter a one-time authentication code sent by text or email in addition to your password. (Sometimes this is required only when signing on from an unrecognized computer device.)

  • Have a strong, unique password to access your email account, and never use an identical password anyplace else. Remember to periodically change your passwords.

  • Use a different sign-on name— not your email address — when you visit websites to browse, shop or pay bills, for example.

  • Delete sketchy emails without opening them, and refuse to click links or open attachments within them.

Love it or hate it, email prevails

Though there are many ways to talk to others online, including instant messages, social media and chat apps, email remains an integral part of online life, say researchers at Statista, which found that in 2020 the world’s 4 billion email users sent and received about 306 billion emails every day.

But if one person sets up too many email accounts, it adds complexity that may increase the risk of victimization, cautions Christopher Budd of the cybersecurity firm Avast. He likens a person with too many accounts to a homeowner who has a $20,000 security system but doesn’t know how to use it. The costly bells and whistles are not “going to protect you as well as a good deadbolt lock that you had installed and know how to operate,” says Budd, Avast’s senior global threat communications manager.

"If you regularly set yourself up to not get offers and such through email, then that puts you in a better place to be suspicious when you do get offers."

— Christopher Budd of Avast
Eva Velasquez is president and CEO of the Identity Theft Resource Center

Eva Velasquez

Eva Velasquez is president and CEO of the Identity Theft Resource Center.

If people feel they can handle multiple accounts safely, they should consider that, Budd says. “But if, instead of one account that’s well-protected — say with two-factor or multi-factor authentication — they have four or five accounts, all with poor security, that’s a net loss.”

At the Identity Theft Resource Center, a national nonprofit in San Diego, president and CEO Eva Velasquez notes that cybersecurity is not one-size-fits-all. “If you’re tech-savvy and you have the skills and the ability to manage multiple email accounts appropriately, then that’s the best practice,” she says.

Consumers with more than one email account should keep financial matters in a separate account and  may want to use this account when checking out their Social Security account, Velasquez says.

Having separate email accounts may seem smart at a time when data breaches are common, but Velasquez says juggling multiple accounts may be too much trouble for some. She urges them to ratchet up cybersecurity on their primary email account, so they don’t become the “low hanging fruit” that identity thieves devour. 

Need another email account?

• Use the free service you’re now using, or another one, to set it up. You’ll want to use a very different email name for yourself — and one that doesn't reveal personal information — so if one email account is compromised, a cybercriminal can’t guess the other. Importantly, use a different password and enable two-factor or multi-factor authentication on additional email accounts when possible.

• Apple offers Hide My Email to subscribers of iCloud+, which offers cloud storage and premium features at a cost of $0.99, $2.99 or $9.99 a month.

Hide My Email generates unique, random email addresses from an iPhone, iPad or Mac that has the most current operating system installed. The emails automatically forward to a personal inbox affiliated with your Apple account. You can create as many extra emails as you want and keep them until you deactivate them. Providing you stay in the same email thread, the email recipient won’t see your primary email account.

• Similarly, Microsoft OutlookZoho Mail and others offer similar services, though terms vary.

Even small steps help

More pro tips:

1. Take pains to keep your email address private; share it only with those who need it. You might want to route nonessential senders to an email account set up for junk.

2. Limit the incoming communications for which you sign up, since a less cluttered inbox will make it easier to detect sketchy emails — which you should ignore, delete and consider flagging to your email provider.

3. If you receive a suspicious, unsolicited email, don’t hit “unsubscribe,” since you could signal a bad actor that the email used to respond is valid and active, Anscombe says.

4. Be careful what you share with merchants. If asked for your birthday to receive a gift or discount, pick a random date, Velasquez says.

5. Never share an authentication code sent to you. It’s only for your use, but cybercrooks will invent excuses to wrest it from you, she warns.

6. Use antivirus security software and perform security updates as required.

7. When visiting a website, look for the lock next to the domain name displayed by your browser, Budd says. It’s like a website’s driver’s license. Click on the lock to ensure the site is what it says it is. If, say, you want to visit macys.com, don’t make a purchase if what’s behind the lock says something unusual, such as m@cys.com.

8. When online shopping, consider checking out as a guest, and think twice about having a vendor store your payment information. Anscombe at ESET never lets a merchant store his credit card information. “I type it in — it’s a 16-digit number,” he says. “Don’t leave your data laying all over the internet, because that’s in fact what you’re doing.”

9. Ask for help from a trusted person or entity if cybersecurity measures are a challenge. And if doing it all seems overwhelming, Velasquez urges taking baby steps, since “even if you make small changes, you are making a difference.”

Katherine Skiba covers scams and fraud for AARP. Previously she was a reporter with the Chicago Tribune, U.S. News & World Report, and the Milwaukee Journal Sentinel. She was a recipient of Harvard University's Nieman Fellowship and is the author of the book, Sister in the Band of Brothers: Embedded with the 101st Airborne in Iraq.

AARP’s Fraud Watch Network can help you spot and avoid scams. Sign up for free Watchdog Alerts, review our scam-tracking map, or call our toll-free fraud helpline at 877-908-3360 if you or a loved one suspect you’ve been a victim.