There is a version of digital security that looks impressive on paper: dozens of aliases, multiple password managers, layered VPNs, separate devices for separate purposes, recovery paths for recovery paths. Some people build these systems and feel protected. What they have actually built is something they can no longer fully understand, and a system you cannot fully understand is a system you cannot fully control.
Complexity creates surface area. Every additional tool, alias, or account is another thing that can be compromised, that can expire without notice, that can behave unexpectedly when something else changes. The goal of a good setup is not to have everything covered. It is to have the right things covered, clearly, with as few moving parts as possible.
What reduction actually looks like
In practice, reduction means making deliberate choices about what you need and removing what you do not. It means having one primary mail infrastructure that you maintain properly, not four that you check inconsistently. It means using one password manager, not two. It means having one backup recovery path, not five, because five paths means five things to maintain and five potential points of failure. The test for any tool or account in your setup is simple: do you actively use it, and do you understand exactly what it does? If the answer to either question is no, it should either be cleaned up or removed.
Aliases: useful up to a point
Email aliases are genuinely useful. Services like SimpleLogin let you create separate addresses for separate purposes, so that if one is leaked or sold, you know exactly where it came from and can disable it without touching your primary address. But the utility depends entirely on maintaining oversight. Clustering aliases by category, tools, newsletters, registrations, is far more manageable than creating one per platform. Having 500 aliases with no clear structure means you have no idea what you are exposing or what to do when something goes wrong.
Regular cleanup as maintenance
A setup does not stay lean by itself. Accounts accumulate. Aliases multiply. Passwords get reused when you are in a hurry. Going through aliases, accounts, and passwords every few months, removing what is no longer needed, rotating what matters, is the actual work of maintaining a secure setup. The goal is always to have less, not more.
Understand your own system
The most important principle is one that cannot be outsourced: you need to understand your own setup. Not in the abstract, but specifically. You should be able to explain, without checking, which mailbox you use for what, where your domains are registered, what aliases exist and why, and what you would do if your primary password manager became unavailable. Build according to your own thinking. Then maintain it according to your own routine. That is what actually holds.