The Bitwarden Blog

Enhance personal security with strong, unique passwords and email aliases

Written by: Gina Tran

The first hint was a suspicious email from Auberge Resorts, a business I had no dealings with – it landed in my inbox at 5:16 pm on November 6. At first, I was just annoyed. Who was selling my email address? Upon further analysis, I was able to pinpoint the origins of how my data got leaked. I’ll explain later on here, but first, here’s an overview of my personal Bitwarden account setup:

My vault includes 384 items, which breaks out into 356 logins, 1 credit card, 1 identity, and 28 secure notes. For all logins, the first layer of security starts with the Bitwarden password generator, which creates strong and unique passwords for each website, making it harder for hackers to brute-force their way in. 

Using email aliases to strengthen personal security  

For certain logins, I want to add layers of security. These are logins tied to my financial livelihood, which include banking accounts, retirement and investment accounts, credit card accounts, and my Bitwarden account. A breach into any of these accounts can cause severe economic ruin for me and my family, so maximum security coverage is paramount when developing my security plan.

To log into an account, you typically need two pieces of information: an email address that acts as the username, and the password. All of my logins already have a strong, unique password as the first layer of security. For logins tied to financial accounts, I have unique usernames for each account. To do so, I created a dedicated email account that is only used to log into these financial accounts.

To keep my dedicated email hidden, let’s say the email dedicated to logging into these financial accounts was gina@secretemail.com. I do not use this email to sign up for any marketing offers or to sign up for any other services.

Where possible, I use a form of email aliasing to create a unique username for each financial service. Plus-addressed email aliasing is where you add + followed by a tag to the part of your address before the @, and mail sent to that alias is still delivered to your email. So, for example, when signing up, I would do the following:

  1. Go to Financial Service website. 

  2. Sign up with email being gina+servicename@secretemail.com.

  3. Generate a strong, unique password with the generator via Bitwarden.

  4. Create my new account. 

So, gina+servicename1@secretemail.com, gina+servicename2@secretemail.com, etc. are forwarded to my one dedicated email, gina@secretemail.com.

Not all websites allow + in the email or username at sign-up, so you aren’t always able to create a unique username in addition to the unique password.

I also use the built-in authenticator where possible to set up two-step login on these accounts - unfortunately, most financial institutions only support SMS-based two-step login. 

The forensics of a compromised email address  

Going back to the suspicious email mentioned earlier, here’s what that email from Auberge Resorts at no_reply@aubergergeresorts.com looked like. 

Phishing email from Bowie House

I searched Bowie House, which seemed like a legitimate business, a luxury resort in Texas.

Business associated with the phishing email

Ten minutes later, I received this email from the same no_reply@aubergergeresorts.com address. The second email looks like a request for a crypto withdrawal, which seems to be very different from a luxury resort website. Celsius, a cryptocurrency company, went bankrupt in February 2024. My suspicions heightened.

Email for crypto withdrawal phishing scam

When I looked at who the email was sent to, it was using one of my email aliases, +fidelity.

Crypto withdrawal second email

I searched for “Fidelity data breach” to see if my email was exposed. Sure enough, there are a few articles outlining that 77k Fidelity customers’ information was exposed in a data breach. Conclusion: My Fidelity account email was part of that breach.

Fidelity data breach news
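
The tracing step described above, as an added example (not code from the post or from Bitwarden): it reads a message's recipient headers, extracts the +tag, and compares the sender's domain with the domains that alias was given to. The sample message, the `ALIAS_OWNERS` map and `fidelity.com` as the expected sender domain are constructed assumptions; `gina@secretemail.com` is the post's placeholder address.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample modelled on the post's second email; the recipient is the
# post's placeholder mailbox gina@secretemail.com with a +fidelity tag.
SAMPLE = """\
From: Auberge Resorts <no_reply@aubergergeresorts.com>
To: gina+fidelity@secretemail.com
Subject: Withdrawal request

(constructed body)
"""

# Assumption: a user-maintained map of alias tag -> domains that tag was given to.
ALIAS_OWNERS = {"fidelity": {"fidelity.com"}}

def split_plus_alias(address):
    """Return (base_mailbox, tag); tag is None when there is no +tag."""
    local, _, domain = address.rpartition("@")
    base, sep, tag = local.partition("+")
    return f"{base}@{domain}".lower(), (tag.lower() if sep and tag else None)

def domain_matches(sender_domain, allowed):
    return any(sender_domain == d or sender_domain.endswith("." + d) for d in allowed)

def trace_alias(raw, mailbox, owners):
    """Report which plus-aliases of `mailbox` a message was sent to, and by whom."""
    msg = message_from_string(raw)
    senders = getaddresses(msg.get_all("From", []))
    sender_domain = senders[0][1].rpartition("@")[2].lower() if senders else ""
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Delivered-To", [])
    findings = []
    for _, addr in getaddresses(headers):
        base, tag = split_plus_alias(addr)
        if base != mailbox or tag is None:
            continue
        allowed = owners.get(tag)
        if allowed is None:
            verdict = "unknown-alias"
        elif domain_matches(sender_domain, allowed):
            # From is spoofable, so a match is weaker evidence than a mismatch.
            verdict = "expected-sender"
        else:
            verdict = "alias-exposed"  # address is known outside the service
        findings.append({"alias_tag": tag, "sender_domain": sender_domain, "verdict": verdict})
    return findings

if __name__ == "__main__":
    print(trace_alias(SAMPLE, "gina@secretemail.com", ALIAS_OWNERS))
```

An `alias-exposed` verdict shows only that the alias is known to a party other than the service it was issued to; it does not by itself show how the address got out.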

Understanding is the first step in security awareness 

Thanks to the email alias tool offered in Bitwarden, I was able to track down where and how my email address was compromised and quickly update the passwords associated with that account. 

Luckily, there haven't been any login attempts into my Fidelity account and my exposure risk is probably minimal, given that I had a strong, unique password in addition to two-step login enabled. My other financial accounts are also most likely secure.

Out of an abundance of caution, I will probably create a new dedicated email account and update my financial accounts. Another day on the internet.  

Try Bitwarden today

Bitwarden does more than store and secure passwords. The password generator makes it quick and easy to create strong and unique passwords for all your accounts. Bitwarden also integrates with leading email forwarding services such as Addy.io, Fastmail, DuckDuckGo, and more to easily generate forwarded email aliases directly in Bitwarden Password Manager. These tools provide convenient and helpful ways to add to your security. Whether you’re an individual user or a business, Bitwarden has the right plan for you.
