Categories
Uncategorized

Don’t ask us, ask these security experts: the security principles behind Hyve

In case you hadn’t yet heard, I’m on a Startup Bus team, Hyve. We built an anti-email abuse system that uses virtual disposable email addresses (DEAs) — in three days, and on a bus.

Hyve is based on a long-standing email security principle: use different email addresses that are dedicated to single uses. The reason that most of us don’t do this is because it’s a cumbersome, painful process. Hyve automates the creation of virtual email intermediaries that you use to connect to or sign into services, and you can mute them if you need a little silence or delete them if you need to cut off spam, annoyances, or other email abuse.

You might be asking: “Does Hyve’s underlying principle actually work?” Don’t ask us — ask the security experts below.

Spoiler: YES.

Huffington Post: The Simple Email Trick that Identity Thieves Hate

Email is personally identifiable information — why are you using it as the way to identify yourself to parties who are likely to sell it? Don’t use your primary email address to log into services — create a secret one solely for that purpose.

Wallethacks: Why I Have a Secret “Classified” Email Address

The author’s use of different email addresses for different kinds of services is borrowed from a U.S. government security principle: use classified and unclassified systems, and keep them separate. This means creating separate email addresses for secure and sensitive purposes such as banking, and never using these addresses for anything other than their designated purpose.

Lifehacker: Use a Unique, Secure Email Address Solely for Password Recovery

When you click “I forgot my password” on a login screen, you’re often sent a password recovery link via email. With the prevalence — and profitability — of social engineering attacks, it makes sense to use an email address that nobody else knows.

Securosis blog: Consumer Security Tip – Use Multiple Email Accounts To Reduce Fraud And Spam

Lots of interesting ideas in this article. The main idea behind this article is to use different email addresses for different purposes, such as:

  • An address for buying online when you don’t trust the store: Another Gmail/Yahoo/Hotmail address you use for risky online purchases, and nothing else. That way, if a site you use is compromised you can easily change addresses without too much difficulty. These are the smaller online retailers you don’t really know or trust as much as Amazon and Ebay.
  • An address for trusted retailers: This is your Amazon, Ebay, and Apple address- one you use to buy things from major retailers. This can be the same as your permanent address. Let’s be realistic, I use a few major retail sites and have never had any problems with spam or fraud by letting them use my main address. Yes, it’s a risk if they get breached, but it’s one I’m willing to take for a small group of stores I use more frequently. If you do this, make sure you opt out of any of their marketing emails. This is in your account preferences when you log in.
  • An address for email subscriptions: This is for newsletters, fora, and other sites where your email might not be private.

Sign up for Hyve today!

Despite the fact that Hyve came into being over a three-day trip on a bus taking a zig-zag route through the southeast U.S., we have a working product that we’d love to have you try out! Come to our site, Hyve.email, and sign up for the cure to spam and other email bad actors.