Does Bitwarden treat the period “.” as a unique email? For example, if my email is [email protected], I can use [email protected] (or any combinations of periods within the name) and Gmail will ignore the periods and deliver the email.
Does Bitwarden ignore the periods in an email? Would [email protected] be treated as unique from [email protected] when logging in to Bitwarden? Thanks.
Yes, it would. This is a technique people also use to have a “unique” email address to be used with Bitwarden, i.e. just adding a . somewhere in their email’s username.
It’s also easy to verify this. Set up an account with your desired email (with the dot). Move the dot somewhere else and you can see that you can’t log in with it.
As a side comment, I don’t have a single online service, except the email services themselves, that are flexible about the dot placement (i.e. treating the . aliases as the same).
The answer to the above question is “no”. @Neuron5569 had answered “yes” in response to the question in your topic title (“Does Bitwarden distinguish ‘.’ periods in emails?”). Wanted to clarify this, to ensure there is no confusion.
Thank you for the responses.
A related question, does Bitwarden treat + aliases as a unique email? For example, Gmail allows [email protected].
Same answers apply. Bitwarden treats the entered username as a different username, if any character is different (except for case changes – usernames are case insensitive).
Wow, thank you for all the responses. I have been using Bitwarden for quite a while and I just now realized that I can use periods or + aliases (if allowed by the email provider) to create a unique email login for Bitwarden but I still get all the emails! This is a very useful tip that should be more publicized. If I create a Bitwarden account with [email protected], even if someone knew my email and even if they knew I had a Bitwarden account, they would not be able to sign in to Bitwarden with [email protected] even if they knew my password because Bitwarden would not recognize the email as my account! The same thing could be done with [email protected]. Essentially I would have two passwords instead of one.
There are these tips (including using a unique email address for BW account):
For an email address for BW account, you can also use an alias (like for Protonmail, or 3rd party service like DDG), in this case they wouldn’t be able to associate your BW +account with your real email / real identity.
Yes, it has been suggested as a tip to use a unique email for Bitwarden. But it had not occurred to me until today how easy it is to add a “.” somewhere in a Gmail email for Bitwarden… no muss, no fuss, you do not have to create an alias or do anything other than simply type “.” somewhere in your Gmail email when setting up Bitwarden. This specific tip would be helpful to many people.
Having a unique email address can have some benefits (no credential stuffing attacks, no bothersome warnings emails about failed login attempts, etc.), but it is not really like a second password. For one, the email address is transmitted over the internet to Bitwarden’s servers without client-side encryption (only SSL, which can be by-passed in some scenarios). Also, if you are victim to an off-line attack after your vault data are stolen from Bitwarden’s cloud servers or from the local cache on one of your devices, then the email address is available in plaintext.
Thus, while having a unique email address for your Bitwarden account is generally recommended, it is important to understand that your overall vault security derives primarily from the strength of your master password (as well as your 2FA).