What do you call this kind of email?
I have on occasion used this kind of email. userid+xxxx@domain.com. What do you call this kind of email? How does 1Password handle it in logins if I have multiple ones? Should I use it for security reasons?
Comments
-
Hi @wkleem,
I don't think there is a consistent name for it as it is not really that popular in the industry. Google calls it address alias and Fastmail calls it plus addressing (Fastmail also does subdomain addressing). I believe plus addressing is the right term. One of the problems is that the plus sign doesn't work everywhere in registration forms. That's one of the advantages of the subdomain addressing, it doesn't require the plus sign as it just follows this syntax: xxxx@userid.domain.com.
As for 1Password, it shouldn't really matter as we don't pay attention to the username that much. We sort your Logins on the titles you give instead, so you can do something like Gmail [wkleem] and Gmail [mom].
Security-wise, it depends on how you're doing it. I've seen some folks doing user+gmail@domain.com, user+facebook@domain.com, and if you do it like that, it doesn't take much for the attackers to customize their tools to follow your patterns. The major benefit of plus addressing is filtering your emails and that's pretty much it.
If you own your own domain, you'd be better off generating a random string for each site, that'd be better because it's difficult for attackers to connect one email address on one site to another site since they'd be different and doesn't have any consistent userid in the addresses beside the domain name.
0 -
If you own your own domain, you'd be better off generating a random string for each site, that'd be better because it's difficult for attackers to connect one email address on one site to another site since they'd be different and doesn't have any consistent userid in the addresses beside the domain name.
The only downside to this scheme is that if you don't have access to 1Password for whatever reason then you have no change of accessing your account. With a non-random username you can at least do a password reset to get in.
0 -
Thanks @MikeT, I do have an issue with the PhaseOne login. I set it up as a plus addressing email some years ago but the login now refuses to be recognised as a valid email. :-(. Nothing that I have done to rectify it works. I cannot login to do anything.
Support requires a valid login.
0 -
Hi guys,
The only downside to this scheme is that if you don't have access to 1Password for whatever reason then you have no change of accessing your account. With a non-random username you can at least do a password reset to get in.
That's true and if you don't have access to your trusted device with the email client, you also need to remember the password to your email service's site since the password reminders are sent to your email.
I set it up as a plus addressing email some years ago but the login now refuses to be recognised as a valid email. . Nothing that I have done to rectify it works. I cannot login to do anything. Support requires a valid login.
Have you try to remove the + in the email address to see if it is valid? If yes, you could make an argument to the support team that they may have a bug in their system where they've mistakenly stripped the symbols.
I assume the PhaseOne support team can't help you update the email address? It seems strange they can't help you here.
0 -
That's true and if you don't have access to your trusted device with the email client, you also need to remember the password to your email service's site since the password reminders are sent to your email.
Indeed. This is why I use a diceware password for my primary email. It's one of the ones I memorise along with Dropbox and my MP.
0 -
Yep, that's a good way to go.
0