Best E-mail configuration for 1P

@Florian_Krumm I myself use an alias email just for my 1PW account, if you have a paid Protonmail or Tutanota account, you could set up an alias that way for your 1PW account or use some other service specifically that does email aliases.

@Florian_Krumm Using a unique email address for 1Password reduces the risk that you will be targetted by a phishing attack on your 1Password account.

An attacker can check lists of email addresses against the 1Password web interface and, due to a hard to fix implementation issue, can tell which ones are associated with 1Password accounts. They can then send emails to those individual addresses trying to trick users into visiting a fake 1Password website or reverse proxy.

If you use a unique email address for 1Password then it will not appear in lists of addresses obtained from compromised websites. However, you are still at risk of a random phishing attempt against one of your other addresses. So you still need to take care not to click on links, to only go to 1password.com via the extension or a bookmark, etc.

Whatever email address you use, its messages should be delivered to an inbox that you monitor regularly. An alias is useful because it can be a unique email address delivered to an inbox that you already monitor regularly. You shouldn't rely on an alias providing any security for your email account and some email services actually allow you to use any of your aliases for login. I think this is the case with ProtonMail.

So, whatever you decide, make sure your email account has a complex, unique password and two factor authentication. I store these outside 1Password in case I need access to my email account, for example, when another family organizer helps me recover my 1Passsword account.

@Florian_Krumm When creating a new email account I use something non-guessable for the root email address and then create aliases with the addresses I need. As login is often possible with aliases, this doesn't protect against brute force attacks, but it does add some useful camouflage in other cases.

For example, if an alias appears in a website breach then you can delete it and replace it with another. And an attacker trying to socially engineer their way into your email account would not know the root email address and so would find it diffcult to persuade customer services that they are the legitimate user.

@Florian_Krumm It depends what you need. I like ProtonMail and Tutanota for their privacy. I find FastMail and Zoho Mail easier for sharing with family members.

@Florian_Krumm It depends what you need. I like ProtonMail and Tutanota for their privacy. I find FastMail and Zoho Mail easier for sharing with family members.>

Protonmail and Tutanota is what I use as well, great services, with privacy as their main philosophy.

@Florian_Krumm I only use Tutanota for banking emails. There shouldn’t be any risk at all, it’s up to you, how personal you want to get with your email name. I would only recommend you give out your personal email to people you trust. Everything else use a Tutanota alias. I use my Protonmail alias for everything. Keeps my personal Protonmail address more private. I imagine the Tutanota alias would work just like Protonmail does, where you can send and receive from the alias.

Make sure when you sign up for Tutanota, you store your recovery code you get in 1P, as if you lose your password, you won’t be able to recover your email without your recovery code.

@Florian_Krumm I myself use an alias email just for my 1PW account, if you have a paid Protonmail or Tutanota account, you could set up an alias that way for your 1PW account or use some other service specifically that does email

I did this with a Tutanota alias for my 1Password. That email doesn’t get use for anything else.

@Florian_Krumm

@prime It's a good idea! I'll have to see how many aliases Tutanota/ProtonmAil offers and if I can afford to dedicate one only to 1P!

For $1 a month with Tutanota, you get 5 (or 6) aliases. I think that’s a good price.