i also did this: created an email address that i use exclusively on apple. it actually wasn’t hard at all.
zero issues since.
> The problem stems from nefarious groups getting a hold of email addresses and running distributed dictionary attacks.
years back my email was leaked by a website that i never visited. apparently someone signed up using my email address and the website never verified the email.
in the meantime more and more people used the same email address [0] to sign up everywhere (it’s not the same person, i checked).
Another tip is to run a custom domain for email that just serves to redirect mail to your real email address. It's a handy way of keeping track of how, and by whom, your information has been leaked.
For example I give custom email addresses to every service I sign up for, then I can see who they on-sold that information to, or if the email address turns up in a database hack.
The only thing to be mindful about with this approach is to choose a service that gives you a fair bit of control over how to manage that incoming email, such as being able to bounce or block specific email addresses, including the use of wildcards, because I notice some hacking groups will try permutations based on the original email address.
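As an added illustration of the catch-all-domain approach described in this comment (example code, not the commenter's; the alias names, domains and block patterns are constructed), a routing rule that delivers mail sent to issued aliases, flags an alias that receives mail from a domain other than the service it was issued to, and bounces wildcard-blocked permutations of a burned alias:

```python
import fnmatch

# Constructed sample data (hypothetical domains): alias -> service it was issued to.
ISSUED_ALIASES = {
    "shop-acme@example.test": "acme.example",
    "bank-foo@example.test": "foo-bank.example",
}
# Wildcard patterns added after an alias started receiving junk; the "*" also
# catches permutations such as shop-acme1@ or shop-acme.x@ that attackers try.
BLOCKED_PATTERNS = ["shop-acme*@example.test"]
REAL_INBOX = "me-real@example.test"


def classify(rcpt: str, sender: str) -> tuple:
    """Decide what to do with a message to the catch-all domain.

    Returns ("bounce", reason), ("deliver", destination) or ("flag", reason).
    """
    rcpt = rcpt.strip().lower()
    sender_domain = sender.strip().lower().rsplit("@", 1)[-1]

    # 1. Burned aliases and their permutations are bounced outright.
    for pattern in BLOCKED_PATTERNS:
        if fnmatch.fnmatchcase(rcpt, pattern):
            return ("bounce", "matches blocked pattern " + pattern)

    # 2. Anything not explicitly issued is bounced (no guessing on the catch-all).
    service = ISSUED_ALIASES.get(rcpt)
    if service is None:
        return ("bounce", "alias was never issued")

    # 3. Mail from the service (or a subdomain of it) goes to the real inbox.
    if sender_domain == service or sender_domain.endswith("." + service):
        return ("deliver", REAL_INBOX)

    # 4. Anyone else using the alias means it was on-sold or leaked.
    return ("flag", "alias issued to %s used by %s" % (service, sender_domain))


def leak_report(messages) -> list:
    """Return the aliases that have been flagged as leaked, deduplicated."""
    leaked = []
    for rcpt, sender in messages:
        verdict, _ = classify(rcpt, sender)
        if verdict == "flag" and rcpt.lower() not in leaked:
            leaked.append(rcpt.lower())
    return leaked
```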
Does account sign-in also ignore dots? If not, if sign-in is sensitive, there's a path to somewhat better safety: Start incrementally moving all daily email to variants containing added dot characters.
> The problem stems from nefarious groups getting a hold of email addresses and running distributed dictionary attacks.
I use [REDACTED] as a provider and I create an email address/account (if possible) per company/domain I interact with (e.g.: personal_github@domain.tld or amazon_personal@domain.tld). This produces two results:
1. No shared credentials across any space.
2. Any junk emails to these addresses immediately tells me who's sold it (or been hacked) and I delete the account[s] and relevant email aliases and get on with my day.
Some services, like Firefox, are starting to offer a form of "hide my email address" but this doesn't solve the problem of using <firstnamelastname@somepopularhostingservice.tld> as the same login id across a lot of services. If that was dumped somewhere, it is probably a strong bet someone has used that as their login, elsewhere.
I don't know if there's another viable solution - but this reduction of possible login ids to one unique id per site is the only way I know how to (possibly) prevent myself from being an easy dictionary attack target.
Got a message on her phone (settings notification). She had to change her password through the settings app.
Called Apple just to check and they said they weren’t seeing any weird activity. That they did see the password was changed, but no weird login or attempted logins.
"As a tip: Do something completely unintuitive, annoying and also you had to have started doing this years ago, and maybe apple won't lock you out. Fingers crossed!"
In the app we have released, we use an email (we don’t care which one, as long as it can receive email) as the login ID.
The main reason is to limit the data we require be stored on the server.
We only have one required PID item: the login ID. The user also enters a display name, but that can be anything, and does not need to be unique.
Since we need the email anyway, we would need to have it stored separately, so this means only one PID item is stored. We also afford Sign in with Apple, which allows the user to obfuscate their email.
Not having the information is the best way to ensure it doesn’t leak.
It's not fully arbitrary, but one can make an Apple ID from any email address or phone number (i.e. you can use a hotmail address if you like); both approaches dodge the issue mentioned since they're not obviously apple accounts.
However the issue with using something like a gmail or hotmail account is that instead of targeting Apple's servers, they just target Google and Microsoft's instead.
The problem stems from nefarious groups getting a hold of email addresses and running distributed dictionary attacks.
Apple’s response is to prevent all logins (including valid ones) from accounts that are under attack.
Unlocking the account involves calling Apple, they’re not going to tell you why the account was locked.