by 300bps 4463 days ago
This is obviously a serious issue. One way to mitigate it is to use email addresses that have specific purposes.

firstinitiallastname@gmail.com is my "public" email address that is used for friends and what not.

genericemail@gmail.com is the email address I use for many retail sites.

I then have an email address dedicated to each commonly used site (Amazon, Coinbase, etc).

I also have Google two-factor authentication turned on for each email.


Why so many accounts? You can use the "jsmith+coinbase@gmail.com" syntax to get a unique email address for each service. Two factor auth drastically frustrates an account hijack, so you're gaining almost nothing by separating them.
> you're gaining almost nothing by separating them.

This isn't true at all. jsmith+coinbase@gmail.com can be easily guessed by someone doing a spearphishing attack, either directly against you or indirectly against you using a vendor. Read this to see a real world example:

http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/

If the person who was hacked in that article had a unique email address at Amazon like mnmnmnmnmnmnmn696969696969@gmail.com then the attacker wouldn't have had any place to start the conversation with Amazon over the phone. Security by obscurity isn't perfect, but in many cases it does put up enough roadblocks to make someone give up.

If you use your technique, someone can also send you a spearphishing email purporting to come from any vendor that might fool you. On the other hand, if you get an email from Amazon to your Coinbase account it will be readily apparent it's fake.

Same logic applies, "jsmith+mnmnmnmnmnmnmn696969696969@gmail.com" then. Add a filter to discard email to that address unless it's from Coinbase. Done.

I gave up on that long ago because few sites actually allow the foo+bar@email.com syntax. + seems to be disallowed by most regex filters.
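The three schemes argued over in this thread (a guessable "jsmith+coinbase" plus-alias, an unguessable per-service address, and a filter that drops mail to an alias unless the matching vendor sent it) can be put side by side in a few lines. The block below is an added example written for this page; it is not code from any of the commenters. It assumes Gmail-style addressing (the text after "+" and the dots in the local part are ignored for delivery), a per-user secret the owner keeps somewhere safe, and constructed sample messages; none of the addresses or secrets are real.

```python
"""Per-service e-mail aliases and a sender filter for them.

Added example for the thread above; not code from any commenter.
Assumes Gmail-style addressing (plus tags and dots in the local part
are ignored for delivery). All addresses and messages are constructed.
"""
import hashlib
import hmac
import re
from email.utils import parseaddr

ADDR_RE = re.compile(r"^[a-z0-9][a-z0-9.+_-]*@[a-z0-9.-]+$")


def canonical_gmail(addr: str) -> str:
    """Reduce a Gmail address to the mailbox that actually receives it.

    Gmail ignores everything from '+' onward and all dots in the local
    part, so this is also what an attacker recovers from a leaked alias.
    """
    local, _, domain = addr.strip().lower().rpartition("@")
    local = local.split("+", 1)[0].replace(".", "")
    return f"{local}@{domain}"


def plus_alias(base: str, service: str) -> str:
    """The guessable form from the thread: jsmith+coinbase@gmail.com."""
    local, _, domain = base.lower().rpartition("@")
    return f"{local}+{service.lower()}@{domain}"


def tagged_alias(base: str, service: str, secret: bytes) -> str:
    """An unguessable per-service alias the owner can still regenerate.

    The tag is HMAC-SHA256(secret, service) cut to 16 hex chars, so the
    base address plus the vendor name is not enough to derive it.
    """
    local, _, domain = base.lower().rpartition("@")
    tag = hmac.new(secret, service.lower().encode(), hashlib.sha256).hexdigest()[:16]
    return f"{local}+{tag}@{domain}"


def sender_domain(header_value: str) -> str:
    """Domain of the address in a From: header, or '' if unparseable."""
    _, addr = parseaddr(header_value)
    addr = addr.lower()
    if not ADDR_RE.match(addr):
        return ""
    return addr.rpartition("@")[2]


def should_accept(msg: dict, registry: dict) -> bool:
    """Keep a message only if it reached one of our aliases from the
    vendor that alias was created for (the filter proposed in the thread).

    registry maps each alias to the vendor domain allowed to write to it.
    This matches on the From: header, which is forgeable; a filter in a
    real mail setup should also consult Authentication-Results (SPF/DKIM).
    """
    _, to_addr = parseaddr(msg.get("To", ""))
    allowed = registry.get(to_addr.lower())
    if allowed is None:
        return False          # address we never handed out, or a plain guess
    dom = sender_domain(msg.get("From", ""))
    return dom == allowed or dom.endswith("." + allowed)


# Constructed sample data, not real accounts, secrets or messages.
BASE = "jsmith@gmail.com"
SECRET = b"per-user secret kept in a password manager"

REGISTRY = {
    tagged_alias(BASE, "amazon", SECRET): "amazon.com",
    tagged_alias(BASE, "coinbase", SECRET): "coinbase.com",
}

SAMPLE_MESSAGES = [
    # legitimate: the vendor writes to the alias it was given
    {"From": "Amazon.com <order-update@amazon.com>",
     "To": tagged_alias(BASE, "amazon", SECRET)},
    # cross-vendor phish: "Amazon" mail arriving at the Coinbase alias
    {"From": "Amazon Security <alerts@amazon.com>",
     "To": tagged_alias(BASE, "coinbase", SECRET)},
    # lookalike domain writing to the Coinbase alias
    {"From": "Coinbase <support@coinbase.com.example>",
     "To": tagged_alias(BASE, "coinbase", SECRET)},
    # attacker guessed the plus-tag convention instead of the HMAC tag
    {"From": "Coinbase <support@coinbase.com>",
     "To": plus_alias(BASE, "coinbase")},
]


def triage(messages=SAMPLE_MESSAGES, registry=REGISTRY):
    """Accept/reject decision for each sample message, in order."""
    return [should_accept(m, registry) for m in messages]


if __name__ == "__main__":
    print("attacker sees:", canonical_gmail(tagged_alias(BASE, "coinbase", SECRET)))
    for m, ok in zip(SAMPLE_MESSAGES, triage()):
        print("ACCEPT" if ok else "REJECT", m["From"], "->", m["To"])
```

Running it shows the trade-off the thread circles around: canonical_gmail() maps every alias, random or not, back to jsmith@gmail.com, so the HMAC tag buys unguessability of the address a vendor has on file but not concealment of the underlying account, while the should_accept() filter is what actually turns a misrouted "Amazon" mail at the Coinbase alias into a rejection. The From: match is only as strong as the mail server's sender authentication, so wire the same rule to the Authentication-Results header in a real deployment.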