Why email makes for a bad login identity

For the past three decades, I have had the same email address and domain name. The time has come to consider selling the latter, which means I have to figure out where I am using the former. It isn’t a pretty picture.

Part of the problem — a big, messy, and difficult part — is that my email is used as a primary login ID in several hundred websites and apps. This wasn’t my choice, and sadly, for many website logins, it is still the standard operating procedure.

When I first began this project the number of my site logins was over 500. How do I know this? It is because for many years I have used password managers to handle my logins. I began using LastPass and moved two years ago to Zoho Vault. This project would have been impossible without a password manager.

That being said, it was time for a major cleanup on aisle P. Many of these websites have gone the way of the dodo, or at least evaporated into the dim reaches of cyberspace. Remember efax.com or tweetsmap? The former was an internet faxing site that for years had a secret free service for receiving a low volume of faxes; the latter was a Twitter analytics service. Both sites will forward to more recent domains, but my logins have disappeared.

There were plenty of other domains that I will no longer be visiting, and they read like a testimonial to the early days of the web: I can’t recall the last time I rented a car from Hertz, made a payment using Paypal, had a conference using Webex or used Quickbooks for my accounting needs. All of these were true back in the early 2000s. That made me a bit sad, seeing how innovative each of those sites was (along with many others whose purpose you probably wouldn’t recognize today). Rather than mourn their demise, we should be glad that the march of time has brought us Lyft and Venmo, to name two more recent examples. These bygone logins show how far we have come, to a point where we think nothing of tracking and then getting into some stranger’s car or sending a digital payment from our phones.

The issue is that if I do sell my domain, I have to move away from my email ID to something else, and I have to make the move before my legacy email stops working. Many of the logins have a very convoluted way to change your email address, and often one step is that they first send a notification message to the old address to make sure that it is you who is doing the changing, and not some Russian hacker who is about to gain access to your identity. I am not complaining (well, maybe a little bit) and am glad there is some security, however fragile.

There is really no way to automate this process. Making matters worse, each website tucks away the spot where you can make an email change, which is a massive UI issue too. The airlines are the worst offenders here: for Delta and United, I had better luck using their mobile apps than their web interfaces to make the change. For Southwest, I had to call them and walk through a very odd series of steps to find that buried treasure — but first I had to log out of my account. I know, actually talk to someone? On the phone? Let’s party like it is 1999.

For those few sites that offer a non-email ID, this is a better mousetrap because it eliminates the authentication step and places the email portion out of the login stream. Better yet are those sites that offer a passkey, but hey, that is still considered new tech (ahem, it has been around for nearly a decade).
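The two ideas above (a login ID that is not an email, and an email change that must be approved from the old address) fit together as follows. This is an added example, not code from any site named in this post; `Account`, `request_change`, `confirm`, the HMAC token format and the one-hour lifetime are all assumptions made for illustration. It shows why the change has to happen while the old mailbox still receives mail.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # constructed value; a real service loads this from a secret store
TOKEN_TTL = 3600                  # assumed token lifetime in seconds


def _sign(login_id, new_email, role, expires):
    # Bind the token to the account, the target address, the mailbox role and the expiry.
    msg = f"{login_id}|{new_email.lower()}|{role}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


class Account:
    def __init__(self, login_id, email):
        self.login_id = login_id  # stable identifier, never an email address
        self.email = email        # contact address, allowed to change
        self.pending = None       # in-flight change request, if any


def request_change(acct, new_email, now=None):
    """Start a change; returns {mailbox: token} for the two messages to send."""
    expires = int(time.time() if now is None else now) + TOKEN_TTL
    acct.pending = {"new": new_email, "expires": expires, "confirmed": set()}
    return {
        acct.email: _sign(acct.login_id, new_email, "old", expires),
        new_email: _sign(acct.login_id, new_email, "new", expires),
    }


def confirm(acct, role, token, now=None):
    """Record one confirmation; commit only after both mailboxes have answered."""
    p = acct.pending
    now = time.time() if now is None else now
    if p is None or role not in ("old", "new") or now > p["expires"]:
        return False
    expected = _sign(acct.login_id, p["new"], role, p["expires"])
    if not hmac.compare_digest(expected.encode(), token.encode()):
        return False
    p["confirmed"].add(role)
    if p["confirmed"] == {"old", "new"}:
        # The login ID is untouched; only the contact address moves.
        acct.email, acct.pending = p["new"], None
    return True
```

If the token mailed to the old address can never be read, the request simply expires and the account stays bound to the dead address.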

And BTW, I managed to weed out more than 150 logins as I made my way through my password manager. So some progress!

But wait, there is more. Since I use Google to manage email, I also use Google to manage my contact address book. Over the years it has contained thousands of people. For years now I have been dutifully making CSV backups of these contacts, but I never really tested to see if I could restore the entire list, with all its metadata labels, to another account. Bad practice to be sure. I am happy to report that I was able to import the list just fine. I still have Google Docs, Sheets, etc. content to migrate over too. Lots of weeding to be done, for sure.

6 thoughts on “Why email makes for a bad login identity”

  1. I’m glad my tech situation is waaaay simpler than yours. But since I retired in April (yay me!) LinkedIn has made it impossible to edit the work email associated with my account. Every time I log in, I get a banner warning that my email address no longer works. But the mechanism to change it doesn’t work. A support ticket I opened was never acknowledged. Probably will lose my account at some point. Good thing I don’t really need it anymore!

  2. David, I feel your pain. Regularly. Decades ago, when broadband internet arrived here, I signed up for a free charter.net account. I use many web sites tied to this account, and moving them would be sheer grief as you have surmised. I guess it’s no better and no worse than having them tied to a hosted domain. On the other hand, my gmail account poses no problems with logins.

  3. Interesting topic. Some people may prefer their email to be their identifier (no need to look up or remember passwords) but I don’t like that practice. Cybersecurity companies like Proton say we should zealously protect the privacy of our email address(es) because bad guys use them as the first step to hacking our accounts. That’s why they offer email masking, AKA aliases.
    I don’t use gMail because it’s not a search business, rather an advertising business. So I don’t trust Google to “know” everything about me. (I use proton email and have another account tied to my web address.)
    I don’t use VENMO because I’ve heard many stories about people’s accounts being hacked. I still use PayPal – their terrible security breaches were so many years ago that I tend to forget. However it’s annoying that I have to take extra steps to decline PayPal’s helpful offer to “keep me logged in on this safe device.” No thanks. I’d guess PP wants you to stay logged in so it can sell your location as you drive about. I can drive by a Dunkin and NOT receive a text offering a free coffee. I like that! But it’s just a theory.
    BTW I don’t use a password manager, easy for me to say as I have a fraction of the accounts that you do David. The LastPass breach scared me off. A friend who is quite a cybersecurity expert won’t use a password manager for the same reason; he uses YubiKey.

  4. Dave,
    Maybe we have similar views because we’re from a similar time … when all this stuff was being created, and you were reporting on it, while I was participating in the creation. In any case, we are, yet again, completely in sync … with one minor edit.

    Namely, I agree completely with the lunacy of using an email address as a login ID. That’s akin to using your street address to verify who you are. The former can change dozens of times, while the latter never does. Ditto for email addresses! I’ve had two changes of ISP, and each mandated a new email, though to a lesser extent each time, as I migrated off “name@ISP.com” to “name@gmail.com”. I hated to give in to Google data collection, but I saw no other practical way that didn’t have the same trouble. It was a HORRIBLE thing to have to do … but, having always been in IT, with a focus on data organization, I managed readily, using my own home-grown password management scheme.

    And that’s my edit. You don’t need a commercial password manager, if you organize wisely.

    But I echo all your conclusions – there was benefit in trashing old unused accounts and/or simply realizing that some Websites no longer exist. A good purge is always useful:-)
