I am usually logging into websites using my phone’s Google main account. It’s easier, although unhealthy, many times.
Today, I have uploaded a CV on TotalJobs, and the site requested from me access to do practically everything on my Google Drive. They are rude!
Long story short, I had to accept otherwise I could not have uploaded the CV. Immediately afterwards however Google sent me a notification email that I should not give permission to every third party app to read, write, and delete files on my account.
That put me under alert, because who knows how many times I have done it before without even being aware of it.
Therefore, I decided to clean my Gmail account, but unfortunately it seems that the only way to achieve that responsibly means to create a whole new account.
I noticed that the phone number can be changed in the Monzo app, but not as well the email address unfortunately. Is it just me…?
P.S. I googled for other similar cases but only found a couple of them totally different from mine. E.g. someone who could not have access to his old email, whilst I have.
That’s a job that can be done by support through the in-app chat facility.
Surely would’ve been much simpler to create a new account for TotalJobs to access?
Definitely! That’s what I intend to do. I can’t exactly know on which ways a Gmail account can be compromised in terms of security, and how some shady people can do things into your account sooner or later. I have cut any third app’s access (they were quite a few) in the Google Account section. However, as I’m not an expert I read a blog that suggested that the only way to properly clean a Google Account is to change it, and use two accounts. One for trusted sites and apps. The other for temporary purposes like applying for a job, etc.
I already need to do this, and start from scratch. It would have been easier if there was an option to change email in the Monzo app, but I presume that for security purposes, as the app has no pin like Starling has, the Monzo team chose to make it less easy for a phone thief to cut your access to your Monzo account.
Thanks for the replies, both!
I agree with @j06. Surely you could just revoke TotalJobs access to your Google account (along with anyone else in the list) and then simply change the password if you wanted to be extra safe?
It’s not easy so make sure you have 2FA enabled and that will be a good enough start.
This is a good idea in theory but they will eventually end up merging and becoming as messy as each other. Like it or not your “trusted” apps and sites will still share your details and your email address will likely get stolen in a data breach so you’ll still get spam etc.
Yeah, you’re right, actually. No apps can be entirely trusted, as the new mobile technology itself was designed to work this way. Maybe I’m too paranoid sometimes. The Google account itself was designed to open a door through which to be able to enter in our lives and make things easier for us, which it does, with the risk that that door can open the way to so much crockery. It’s inevitable. I will never create the safest, invincible Google account, as one’s Google account is in itself a big fat Trojan horse. I should just clean up this Google account, perhaps, in its main settings, and subsequently make sure I always check for any app’s direct access, as well as unsubscribe from unwanted notifications and spam.
It’s all the Russians’ fault.
I basically aim to use one account for ‘important’ things (or at least I see them as important) such as banking, formal communications with employers or government institutions, important travel arrangements. I use a separate account for anything ‘spammy’ such as accessing mobile games, surveys etc.
As @Ordog said though, the lines can become a bit blurred sometimes and I sign up for a service using the wrong email. Just have to make a conscious effort to do a review from time to time.
As for whether this is actually more secure, it’s hard to say. Even the big boys have data breaches, and if anything are more targeted.
Edit: Just checked haveibeenpwned for my ‘throwaway’ account and it suffered breaches from:
- Last.fm in March 2012
- Adobe in October 2013
- Bitly in May 2014
- LinkedIn in May 2016
- River City Media in January 2017
- MongoDB data scraping of LinkedIn in October and November 2018
I’m going to go with the separate account thing looks like it basically works for me although I probably shouldn’t have been using my throwaway account for LinkedIn, thankfully it’s already been changed…
Ooo, meant to raise a thread about this, so thanks for shoving me into action
I tried in the Android app towards the end of 2018 and found I was unable
There were two slightly conflicting help pages that said I should be able to, and a COP told me on a chat that I should be able to, but ultimately they changed it via that chat (including additional fingerprint scan to validate)
So either this is a bug that needs fixing or the help pages need updating
Can anyone advise which applies?
Instead of using a different account for each service, if you use Google Mail like the OP there’s a pretty nifty trick that you can use which may help?
For example. If my email address is email@example.com (it isn’t) I can use as many aliases as I like using the + symbol.
So when registering at each company, you would enter:
These will all go into your main firstname.lastname@example.org inbox but you can set up rules to move them into folders should you wish. Then if you stop using a service you can simply make a rule to move any mail from email@example.com straight to trash. This keeps everything neat and tidy and negates the need for setting up multiple email accounts.
That’s actually a pretty sweet feature, didn’t know about that. Doesn’t reduce the impact of a data breach as they can just remove anything before the ‘+’, but definitely a cool housekeeping feature
Yeah, some people may take the data from a breach and remove everything before the + but I would imagine that many don’t. As for marketing, they certainly don’t because this is automated and en masse so you should be fine for the majority
Annoying when email fields in forms don’t recognise + as a valid character though
Can’t say I’ve had that yet ** touch wood ** since most just check for an ‘@’ and a ‘.’ but I can imagine some may be more stringent
I use a personal account and an ‘everything else’ account. Helps keep important emails from being drowned out by spam and mailing lists as well as guarding exposure to breaches.
I use the + trick as well for both accounts, also helps see who’s been selling their mailing lists on.
I’ve a handful of breaches for the ‘everything else’ account, and none so far (knock on wood) for my personal account.
My exposure to the breaches is limited thanks to using 1 Password to set unique passwords for every site I have an account of some form with.
Alternative approach to the above that I am now using (hence my email change)
I got a new domain from Google
Set a wildcard * redirect to my main Gmail account
Changed all websites to use firstname.lastname@example.org
The wildcard redirect means that I can use the new address without having to set it up anywhere
All emails come through to Gmail account with destination email address intact so I can see where they were sent and can notice if they share the details with other companies
The + extension technique I seem to remember had issues with Discourse at one point within the last year (resolved?)
I like this idea.
So are you saying if in theory I bought domain.com I could use email@example.com, firstname.lastname@example.org, email@example.com (effectively like @ordog’s ‘+’ solution?) and they all come in to one mailbox? Presumably I could then use filters/rules to separate them out if I wanted to?
To clarify, I think it has to be the other way round …
You’re right, my bad. I’ll edit my post in a second. Thank you!
Yes, pretty much exactly that
The only thing I cannot get working is responding from domain.com - responses come from my main Gmail account address
That seems intractable in the brief time I spent on it - Gmail can use aliases with separate mail servers, but not in this MX mapping case