Generation of disposable e-mail aliases / integration with services such as SimpleLogin, IdBloc, etc.
Feature function
Currently, when signing up for accounts on third-party websites, you either have to use your real email address or manually have to generate a new email address using an external service. Meanwhile, you can already generate passwords.
This feature would enable Bitwarden to automatically create new unique email addresses for each website, preventing tracking or attacks based on a known email address.
Just for a test I created a new account with the non-existing eMail-address [email protected]. I then logged into that new account and deleted it again.
So why do you want Bitwarden to provide a new eMail-adress if you can just make it up ?
Thanks for your response! Maybe I should’ve clarified this: I’m not talking about the address you use for your Bitwarden account, but rather for addresses you use to sign up for third-party services, which often require email addresses to be verified.
I already have this functionality with mailbox.org, and I’m aware of a few services that offer it, e.g. BurnerMail. Not sure if it’s something that BW should be offering, but I’d probably find a use for it if they did.
I think that the request is more for integration with an existing solution and not that Bitwarden start offering it themselves.
However, the problem is always the same: how to do this without lessening the security of the vault? For example, I think that Simple Login is trustworthy, but would I trust them enough to put an API key into Bitwarden so it could access my Simple Login account? I’m not sure. It would have to be well documented on both sides. And that’s just one solution of the many out there. Seems like it might be more of a distraction from some of the other more important items on the roadmap.
It would be slick to be able to generate a login in one step with an alias and a random password from the generator. But I also understand the desire to keep things separate. So I guess I’m on the fence.
1Password just started offering this, together with fastmail. If bitwarden would just randomly create an email address when adding new credentials, and store this along with the password, it would be great.
Masked email integration with Email Service Providers
Feature function
What will this feature do differently?
This feature will allow users to generate random email addresses using their email service provider and allow them to use random email addresses on every site.
What benefits will this feature bring?
Improved security and convenience because I don’t have to give out my email address to every single site where I make an account
Reduced spam
Related topics + references
Are there any related topics that may help explain the need and function of this feature?
Are there any references to this feature or function on other platforms that may be helpful?
Yes! Fastmail announced partnership with 1password. Fastmail: feel good about your email
With this, 1password users can generate random email addresses within the password manager and use that on a site.
Apple also has a similar implementation that can be used with key chain, Although I don’t believe it’s as easy to use as 1password <-> fastmail integration.
Yes but please integrate it with SimpleLogin instead of Fastmail. I was so disappointed when I read 1Password’s announcement and researched Fastmail.
Fastmail is an email provider so you need to use their servers.
SimpleLogin is just generating a forwarding alias so you can use whatever email provider behind it as you wish. On top of that, you can actually self host SimpleLogin if you want complete control. Way better than Fastmail.
I think the two things should remain separated. Let BW store login credentials and if you feel the need create separate user/email accounts for new logins do it manually.
Just to know, how many times a day/week/month do you all register for new services you can’t afford doing this manually?
What happens with privacy and security when those emails are “routed” through these services?
I currently achieve this using an espanso script but it would be a lot smoother if it all happend in BW itself. The format should be fairly modular just give it the variable setup for your relevant domain and off you go.
I would even like it to default to the domain name you are on. Assuming the page is microsoft the alias would be username+microsoft@gmail for example.
But please keep it generic. I use a customer alias on Gsuite to achieve my relatively spam free system so I would want the ability to build my alias by defining the email address and where in it the keyword goes.
Updating the broken URL with the attempt of the SimpleLogin’s founder to contact some password managers (which I presume includes Bitwarden) and not receiving any answer (Sep/2021):
The ideal implementation for Bitwarden would be something simple like a company-agnostic API to return the generated address, opening the possibility of other email providers in the future. Just please don’t implement something that will hook the whole application with a specific company.
One thing I don’t particularily understand: sometimes you have to confirm with the help of your mail address. So you will also need to login to that mail service provider to use the email to confirm, etc. - right? Or what sort of services do you mean, which just need an email address but not ask you to confirm that it exists?
This is correct. This integration should make it easier to generate disposable addresses and use them on sites. Users still have to login to the email client and see any emails to that address.
A unique, random email address is created, so your personal email address isn’t shared with the app or website developer during the account setup and sign in process. Since it’s common for sites to upload your email address to Google and Facebook for ad targeting, or for your email to be leaked in a data breach, this extra level of identity protection is now unfortunately necessary. You can think of it as similar to not reusing the same password everywhere.
Any messages sent to this address by the app or website developer are automatically forwarded to your personal email address by our private email relay service (after removing the trackers). You can read and respond directly to these emails and still keep your personal address private.
An alternative would be to integrate directly with the DuckDuckGo service directly if that is an option
This would be a nice feature indeed, something that I have been asking 1Password folks for a while. I generate SimpleLogin aliases using API today, which works very well, but it’s even better if the process is automated by my password manager.