It seems that one attack vector used to hack accounts is based on the same email address being used on multiple sites. This would also go for email addresses using a simple algorithm (ie. news.ycombinator@somedomain.net for HN, facebook@somedomain.net at FB, etc).<p>In the age of keepass/lastpass etc, and on a scale of 1 to "tin foil hat", would it be better to use a randomly generated address for each site (ie. 46ia0ygd51tw9src@somedomain.net)?<p>Edit: This is using your own custom domain, and catch all email address. You could probably use gmail/hotmail accounts, but setting them up would be very annoying.