It doesn't have to be literally the service name. Can be any unique alphanumeric suffix you make up randomly. As long as you use a password manager you don't have to remember it.

Indeed, it needs to be more than just the company name if you want it to be useful later. If the email address used is [email protected], any idiot could guess company. But receiving email to [email protected] is clearly gotta be from them, or they got hacked.

That's why you have to salt the + portion (look up an old email from the service if you forgot the alias).

> Anyone who’s looked at breach data knows to try yourname+service for any service

Since we're all using a unique password for every service - <cough> we are doing that, aren't we (!!) - then how does that help?