Ask HN: Use randomly generated email addresses for extra security?
It seems that one attack vector used to hack accounts is based on the same email address being used on multiple sites. This would also go for email addresses using a simple algorithm (ie. news.ycombinator@somedomain.net for HN, facebook@somedomain.net at FB, etc).
In the age of keepass/lastpass etc, and on a scale of 1 to "tin foil hat", would it be better to use a randomly generated address for each site (ie. 46ia0ygd51tw9src@somedomain.net)?
Edit: This is using your own custom domain, and catch all email address. You could probably use gmail/hotmail accounts, but setting them up would be very annoying. With Gmail (at least) you can use john.smith+46ia0ygd51tw9src@gmail and it will get to you. Standards say that +-addresses must work this way, and most receiving servers implement this correctly. I actually had more trouble when some sending service failed to send to such an address correctly. So, at least with gmail, you could implement randomly generated email addresses for logging in. The question is, does this solve the problem and is it a problem worth solving?