> I now understand why banks do not use email addresses as the login id. The thief would not (easily) be able to align my email address with my bank login id.
This is an important point and one I've been thinking about for years. There's so much discussion about using password managers and good password practices and 2fA but almost no discussion on how using a single identifier to log into all these various services is in itself a huge security vulnerability. If we had different login usernames for each service, gaining access to people's accounts would be that much more difficult.
Email should be reserved for communications and not double as a means for authentication.
This is an important point and one I've been thinking about for years. There's so much discussion about using password managers and good password practices and 2fA but almost no discussion on how using a single identifier to log into all these various services is in itself a huge security vulnerability. If we had different login usernames for each service, gaining access to people's accounts would be that much more difficult.
Email should be reserved for communications and not double as a means for authentication.