Howdy! AssertNull here. I just created a new account. I'm not engaging in sock-puppetry here and you won't find 100 upvotes and comments about how helpful AssertNull is in answering questions and I won't be answering programming questions under this account if I can help it. The other account is Ben_21 (side note: I never typed in Ben_21 for the user name. I typed in Ben Richards of Running Man fame. What happened?) There is a point to this, however. I've been getting contacted/spammed under my gmail account associated with AssertNull, so I've created a throwaway gmail account to start anew with forums, etc. Note: I'm not accusing Daniweb of spamming me. I know it's not Daniweb. I'm just pointing out that the underlying gmail account is the same. I'm hoping that the Daniweb mods/admins or anyone who understands forums can answer a few generic forum questions to help me tighten up my online security.
Let's say AssertNull has gmail account firstname.lastname@example.org and he used this account to register for Daniweb/Dazah. This is my main e-mail account that I give out to friends, family, etc., not a throwaway account/ Let's say email@example.com is a throwaway account used solely for online forums and Ben_21 used this account to sign up for Daniweb. When firstname.lastname@example.org was created, gmail asks for a backup account and phone number in case you lose your password. Let's say I typed in my real phone number and email@example.com as those backups when creating firstname.lastname@example.org.
My question is this. Can Daniweb (or any other forum or anyone who knows about email@example.com) figure out that firstname.lastname@example.org exists and is controlled by the same person who controls email@example.com? Does registering for Daniweb (or anywhere else) using firstname.lastname@example.org allow Daniweb to figure out who my email@example.com contacts are? More importantly, if firstname.lastname@example.org is compromised, does that compromise email@example.com? firstname.lastname@example.org is the important one with real human contacts that I don't want pestered. email@example.com is, as mentioned, a throwaway.
I had a security breach very likely stemming from someone abusing my registration info (to repeat, not Daniweb) and I'm doing damage control. In particular, I haven't been particularly good about creating different passwords for all accounts, so if my forum account's password is "1234", I assume some hash of "1234" is kept in the forum's database for authentification, so the bad guy has access to that hash value? Suppose firstname.lastname@example.org had password "1234" as well. Could the bad guy use that hash to break into email@example.com?