Securing Email - inspired by "Login with Apple"

skyman375
skyman375
Community Member
edited June 2019 in Families

I'm trying something new to help limit the cross-site sharing of data between sites like Amazon, Facebook, Twitter, and Instagram. For those sites, I'm adding a unique, random string of text after a + in my email address. For example: Name + $7J,Fe9Q&/r&o+9N82B8 @ mailaccount.net and being careful with the use of symbols to not include any extra @'s.

1) Has anyone else used this as a step in securing their accounts? Since many email platforms support the name+"whatever" convention, I'd guess that the big data mining companies could automate ignoring it.

2) Is there a way to request this as a feature in 1Password? I'm using the secure password generation to create what comes after the + but I'd like to have it as a standard choice?

Honestly, I'd rather trust this process -creating a unique secure email address for each account- to 1Password than to Apple.

Thanks,

Mike


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @skyman375,

    1) Has anyone else used this as a step in securing their accounts? Since many email platforms support the name+"whatever" convention, I'd guess that the big data mining companies could automate ignoring it.

    I have seen several people do this, yes. I also know that some services don't allow you to signup if your email includes special characters like a "+" sign however, so it might not work everywhere.

    2) Is there a way to request this as a feature in 1Password? I'm using the secure password generation to create what comes after the + but I'd like to have it as a standard choice?

    I can see how this could be useful to you, so while I cannot make any promises, I appreciate you taking the time to share your thoughts with us :)

  • XIII
    XIII
    Community Member

    I'm trying something new to help limit the cross-site sharing of data between sites like Amazon, Facebook, Twitter, and Instagram. For those sites, I'm adding a unique, random string of text after a + in my email address. For example: Name + $7J,Fe9Q&/r&o+9N82B8 @ mailaccount.net and being careful with the use of symbols to not include any extra @'s.

    How does that help?

    I think it would not take much machine learning to find out whether the part left or right of the plus symbol should be ignored.

  • Ben
    Ben
    edited June 2019

    I use a similar tactic, but use aliases (actually "groups") in G Suite to accomplish a similar outcome. This provides a truly unique address for each service, with no avenue for a computer to determine the primary email address associated with my mailbox. If the address of one of these groups is leaked, I simply delete the group, create a new one, and update my address with the service (assuming I want to continue using it). This approach has worked well for me so far, but it does have some expenses involved. I pay for a domain name as well as G Suite. I think for most applications the OP's approach is likely sufficient. Yes, a computer could fairly easily strip out the "plus addressing," but I haven't heard of any cases where that is actually being done.

    I'm not sure this falls within the scope of something 1Password could / should help with. Beyond generating a random string for use with plus addressing we'd need to run an email service to be of any real help here. That would seemingly take focus and attention away from our core mission of providing the best password management tools available. That said, it is perhaps an area in which there is room for someone to step in and make easier / more automated.

    Ben

  • XIII
    XIII
    Community Member

    I'm not sure this falls within the scope of something 1Password could / should help with.

    You might consider offering “throwaway” email addresses like Apple announced at WWDC, but that’s indeed not directly related to a password (rather the “other 50%” of credentials).

  • That is indeed an interesting idea - thanks for letting us know it's something you'd like to see! I agree that having 1Password help with choosing these types of email addresses could be pretty helpful. Perhaps one day, but again, we can't make any promises about whether something like this will ever happen. I am looking forward to using Apple's throwaway emails though!

  • skyman375
    skyman375
    Community Member

    You’re right, it would be easy for the big data harvesters to figure it out. Ideally, a trusted broker could issue randomized email addresses for each individual login from a central domain. That’s why it would be interesting for 1Password to offer it, in lieu of a manual approach with the + modifier.

  • skyman375
    skyman375
    Community Member

    Oh, the G suite alias is a good idea too!

  • Lars
    Lars
    1Password Alumni
    edited June 2019

    @skyman375 - oh, certainly -- I don't think any of us would deny it's a cool idea (I've been using a "throwaway" email service for some years already); we're just not sure whether it ought to fall within 1Password's purview to do such a thing or, even if it is, how quickly you might see such a thing. The problem with a lot of such services is that eventually, those domains tend to get "blackballed" -- i.e. - websites keep a list of email addresses you can't use to sign up, partly to prevent abuse, and partly because they want to retain access to you instead of giving you the control that comes with a disposable address. It's a bit of a cat-and-mouse game, in fact, and we'd have to think long and hard before embarking on any such thing. Again, not to say it couldn't be done, but it would require some careful thought on the front end.

  • skyman375
    skyman375
    Community Member

    I guess that’s a tacit vote in favor of Apple. They are big enough that it would be dangerous for a provider to blackball their service. I do worry about using a sign-in-with-Apple email across platforms.

  • Lars
    Lars
    1Password Alumni

    @skyman375 - :) :+1:

  • skyman375
    skyman375
    Community Member

    Another risk...Facebook just locked my account for “suspicious” activity, as I’ve changed my email twice in two days...

  • AGAlumB
    AGAlumB
    1Password Alumni

    Well that's annoying. I wish they'd just make sure they're not exposing our actual login credentials instead -- better than this security theater. :lol:

This discussion has been closed.