Securing Email - inspired by "Login with Apple"
I'm trying something new to help limit the cross-site sharing of data between sites like Amazon, Facebook, Twitter, and Instagram. For those sites, I'm adding a unique, random string of text after a + in my email address. For example: Name + $7J,Fe9Q&/r&o+9N82B8 @ mailaccount.net and being careful with the use of symbols to not include any extra @'s.
1) Has anyone else used this as a step in securing their accounts? Since many email platforms support the name+"whatever" convention, I'd guess that the big data mining companies could automate ignoring it.
2) Is there a way to request this as a feature in 1Password? I'm using the secure password generation to create what comes after the + but I'd like to have it as a standard choice?
Honestly, I'd rather trust this process -creating a unique secure email address for each account- to 1Password than to Apple.
Thanks,
Mike
Comments
-
Hi @skyman375,
1) Has anyone else used this as a step in securing their accounts? Since many email platforms support the name+"whatever" convention, I'd guess that the big data mining companies could automate ignoring it.
I have seen several people do this, yes. However, I also know that some services don't allow you to sign up if your email includes special characters like a "+" sign, so it might not work everywhere.
2) Is there a way to request this as a feature in 1Password? I'm using the secure password generation to create what comes after the + but I'd like to have it as a standard choice?
I can see how this could be useful to you, so while I cannot make any promises, I appreciate you taking the time to share your thoughts with us :)
0 -
I'm trying something new to help limit the cross-site sharing of data between sites like Amazon, Facebook, Twitter, and Instagram. For those sites, I'm adding a unique, random string of text after a + in my email address. For example: Name + $7J,Fe9Q&/r&o+9N82B8 @ mailaccount.net and being careful with the use of symbols to not include any extra @'s.
How does that help?
I think it would not take much machine learning to find out whether the part left or right of the plus symbol should be ignored.
0 -
I use a similar tactic, but use aliases (actually "groups") in G Suite to accomplish a similar outcome. This provides a truly unique address for each service, with no avenue for a computer to determine the primary email address associated with my mailbox. If the address of one of these groups is leaked, I simply delete the group, create a new one, and update my address with the service (assuming I want to continue using it). This approach has worked well for me so far, but it does have some expenses involved. I pay for a domain name as well as G Suite. I think for most applications the OP's approach is likely sufficient. Yes, a computer could fairly easily strip out the "plus addressing," but I haven't heard of any cases where that is actually being done.
I'm not sure this falls within the scope of something 1Password could / should help with. Beyond generating a random string for use with plus addressing we'd need to run an email service to be of any real help here. That would seemingly take focus and attention away from our core mission of providing the best password management tools available. That said, it is perhaps an area in which there is room for someone to step in and make easier / more automated.
Ben
0 -
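Added example, not part of the thread and not 1Password code: a sketch of the plus-addressing scheme from the original post, next to the normalization step that several replies say a data broker could automate. The function names are hypothetical, and restricting the tag to letters and digits is an assumption made so that signup forms are less likely to reject the address.

```python
import secrets
import string

# Assumption: letters and digits only. Symbols such as & / $ are legal in a
# local part, but a comma is not (unquoted), and many signup forms reject
# anything unusual, so the tag alphabet here is deliberately conservative.
TAG_ALPHABET = string.ascii_lowercase + string.digits


def make_tagged_address(mailbox: str, domain: str, length: int = 16) -> str:
    """Return mailbox+<random tag>@domain, with the tag drawn from a CSPRNG."""
    if length < 1:
        raise ValueError("tag length must be at least 1")
    if "@" in mailbox or "+" in mailbox:
        raise ValueError("mailbox must be the bare local part")
    tag = "".join(secrets.choice(TAG_ALPHABET) for _ in range(length))
    return f"{mailbox}+{tag}@{domain}"


def strip_plus_tag(address: str) -> str:
    """Collapse a plus-addressed email to its base mailbox.

    This is the whole cost of undoing the scheme: split on the last '@',
    then drop everything from the first '+' in the local part.
    Lowercasing the local part is an assumption that matches how most
    providers treat mailboxes.
    """
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address")
    base = local.split("+", 1)[0]
    return f"{base.lower()}@{domain.lower()}"


def linkable(addr_a: str, addr_b: str) -> bool:
    """True if two addresses reduce to the same base mailbox."""
    return strip_plus_tag(addr_a) == strip_plus_tag(addr_b)


if __name__ == "__main__":
    a = make_tagged_address("name", "mailaccount.net")
    b = make_tagged_address("name", "mailaccount.net")
    print(a, b, "linkable:", linkable(a, b))
    # Constructed per-service aliases (the G Suite group approach): nothing
    # in the address itself ties the two together.
    print(linkable("shop-7f3k@example.org", "news-x9qd@example.org"))
```

Two tagged addresses for the same mailbox differ as strings but reduce to the same base, while separately created aliases do not, which is the distinction the alias-based approach above relies on.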
I'm not sure this falls within the scope of something 1Password could / should help with.
You might consider offering “throwaway” email addresses like Apple announced at WWDC, but that’s indeed not directly related to a password (rather the “other 50%” of credentials).
0 -
That is indeed an interesting idea - thanks for letting us know it's something you'd like to see! I agree that having 1Password help with choosing these types of email addresses could be pretty helpful. Perhaps one day, but again, we can't make any promises about whether something like this will ever happen. I am looking forward to using Apple's throwaway emails though!
0 -
You’re right, it would be easy for the big data harvesters to figure it out. Ideally, a trusted broker could issue randomized email addresses for each individual login from a central domain. That’s why it would be interesting for 1Password to offer it, in lieu of a manual approach with the + modifier.
0 -
Oh, the G Suite alias is a good idea too!
0 -
@skyman375 - oh, certainly -- I don't think any of us would deny it's a cool idea (I've been using a "throwaway" email service for some years already); we're just not sure whether it ought to fall within 1Password's purview to do such a thing or, even if it is, how quickly you might see such a thing. The problem with a lot of such services is that eventually, those domains tend to get "blackballed" -- i.e. - websites keep a list of email addresses you can't use to sign up, partly to prevent abuse, and partly because they want to retain access to you instead of giving you the control that comes with a disposable address. It's a bit of a cat-and-mouse game, in fact, and we'd have to think long and hard before embarking on any such thing. Again, not to say it couldn't be done, but it would require some careful thought on the front end.
0 -
I guess that’s a tacit vote in favor of Apple. They are big enough that it would be dangerous for a provider to blackball their service. I do worry about using a sign-in-with-Apple email across platforms.
0 -
@skyman375 - :) :+1:
0 -
Another risk... Facebook just locked my account for “suspicious” activity, as I’ve changed my email twice in two days...
0 -
Well that's annoying. I wish they'd just make sure they're not exposing our actual login credentials instead -- better than this security theater. :lol:
0