The Email Project

I shared this yesterday on my vlog but I wanted to document the project here and perhaps give a little more context for what I’m doing.

I’ve shared historically how I’ve been a Google Mail customer for (now) over 13+ years and although I have tried to move on from it (most recently Superhuman) it’s just been an impossible task.

And I really hadn’t given it much thought about ever changing until my brother was seriously hacked, like NSA-level type of shit.

To make a long story very, very short, the thieves managed to hack his Verizon account, port his phone # over to a new device, and then systematically access his entire digital life.

It’s been nothing short of breathtaking to see how comprehensive and how deep they went essentially closing and locking him out of everything while he slept.

It was also very clear their intent: To gain access to his financial accounts and perhaps more specifically his cryptocurrency holdings (which are substantial).

The last few days have been a living nightmare for him (and his family) and it has spooked me to a level that is unfamiliar and deeply uncomfortable.

It’s been so disconcerting that I’ve decided to quit my existing email cold turkey and begin with a brand new email, just minted yesterday.

If this sounds insane then you’d be absolutely right. The thing is that it’s just slightly less insane than the thought of being compromised with 13+ years of legacy data that could grant access to my entire family’s digital store.

Consequently, the anxiety was so profound that it took me only 24 hours to cycle through my options and get to a clear decision-yet-dramatic decision: I would immediately change my primary email address to something new and begin the month-long (year-long…?!) process of moving accounts over.

999 logins…

I use 1Password and it appears that I have nearly 1,000 logins, most that use that legacy email address. The security threat and risk that that creates is mind-boggling.

And, of course, that’s just the logins that I’m aware of! I’ve probably signed up to 10,000 more that I just haven’t captured previous to the start of using 1Password!

Scares the living shit out of me.

My Process (So Far)…

Today, as I write this, is Day Zero, the first full day of using a new email account.

The first thing that I’ve done is close down all email accounts that are active but generally not used. I have more of these than I am willing to admit.

Second, for the very few that are still active and used I have created simple forwarding functions to my new email address that will help me assess what accounts and online services still send email and, over time, I will “drain” and wean off of them.

Third, I have created a number of complex filters so that I can understand the volume of email that is coming from specific emails:

Filters are good…

And I’ll have a good sense, hopefully in the next few months, what accounts I can more permanently delete and the ones that may still contain credentials that need to be swapped out.

In time, I should be able to remove these filters as I delete other legacy email accounts.

Finally, I have double-checked 2-Factor Authentication on all email accounts as well as updated every single password to something new and fresh. My brother, who is my twin, is a very, very close degree of separation and there’s no reason why I couldn’t be a next target.

I have spent the better part of yesterday and all of today changing the vast majority of the sites and services that I use every single day. Those are obvious and first-order changes.

What will take the most time (and I’m prepared for it) are the accounts that are no less important but just frequented less, accounts like certain financial services that may or may not be on “auto-pilot” because I use them through some developer API or SDK (i.e. I never actually “log in” to the service directly).

This will take much more time than I even dare to hope but what my brother is going through would be near-fatal for me. I have already told my wife that it could be the most anxiety-creating event to ever happen in my digital life… and I’ve seen and experienced some crazy shit on these internets…

And I’ll do whatever it takes to prevent that from happening.

So, what does this mean for you? Well, it doesn’t mean that you have to do anything! At the very least you should:

  1. 2-Factor Authentication for everything that you can.
  2. Update / Refresh your passwords. Now.
  3. Think through your password and security systems… using something like 1Password is a must-have.

These 3 things are front-line defenses, table-stakes really. If you don’t do these things then you’re asking for trouble. There are, of course, even more things you can do but start here. Please. For your own sake.

Stay safe out there friends.