[n2h4]

what i noticed from you and a couple other similar stories in this thread is that a same email is used at multiple places. Have you looked into email aliases like simplelogin, anonaddy, or anything of that sort?

or at the very least, the basic username+alias@domain.tld? this let's you know at least which thing was compromised.

of course, I don't recommend doing the same for important services like you banking accounts, but for the vast majority, having an alias would be enough.

and compartmentalisation always helps (different emails/accounts for personal, govt, and work domains).

[SeanAnderson]

Honestly, I created the two-email setup at a different time in my life. After the hack, I decided it was easier and more desirable to just use one address. My works speak more for me than a firstname.lastname email now that I've gained some life experience.

I haven't considered looking into other email alias tools. The whole area wasn't something I had put much thought into after getting things the way I wanted a decade prior.

In email, I have used the "+" format in some situations where I'm curious if a third-party is going to leak my contact details. It's not something I use every day, but it is a useful tool, I agree.

The problem with getting a Google account hacked is that Google, by default, really wants to save your passwords for you. So, even though I keep passwords in KeePass, plenty of them ended up remembered inside Chrome, too. Once the hacker compromised the Google account I had to assume every website listed in my password manager needed to be rotated. Plus, I had to change every account that I registered using my "firstname.lastname" email - so I was basically already sold on needing to have to revisit every website I'd ever used.