Originally published at: https://boingboing.net/2018/09/26/authentication-crisis.html
…
5 Likes
That are often saved in plaintext by websites that don’t know any better.
2 Likes
This is a cool idea.
Sadly I have a catch all on my domain so I can’t use this service.
(Ex: comcast@acrostic.com, chase@acrostic.com - every retailer gets their own email)
As an aside, apparently this also frustrates data brokers since a common method to correlate people is to hash the email.
1 Like
Interesting. Does it take a lot of time to manage, though?
1 Like
I do the same. If you own the domain? Go to the source and set yourself up for domain-wide breach notifications: https://haveibeenpwned.com/domainsearch
I’ve been subscribed for a few years now. It hasn’t turned up much for personal domains, but the work ones? I’ve had to chat to executive management a few times about breaches.
1 Like
That’s the comment I was about to make.
A @.example.com search would be useful.
My reply was edited automatically
I wrote asterisk@asterisk.example.com
And that reply was edited automatically as well.
I wrote
My reply was edited automatically Angled bracked groan Angled braket.
Not really. *@mydomain.com redirects to one inbox (“catch all”)
I maintain a list of important addies in case I move to a provider that doesn’t allow catch alls, but for now it’s fairly painless.
1 Like
Thanks, this is useful.
Luckily nothing surprising - all the the breaches are from after I started using a password manager and for low value accounts. 
This topic was automatically closed after 5 days. New replies are no longer allowed.
