If an attacker knows your BW email - they can try to phish it specifically.
Is it a best practice to NOT use your name or public nickname for Bitwarden account email?
Everything else - random aliases per account or category, e.g. “[email protected]”, which forwards everything to [email protected]. Easy to replace in case of data leak.
I guess it’s best to have a unique, not super guessable email for BW.
Just worried that I’ll forget it and screw backups at the same time - unlikely, but who knows.
P.S. I know Yubikey is a solution against phishing. Asking for a friend.
It is not dangerous to use a common email as the true security layer is the encryption. A unique email is just another layer of security to make it less likely that someone will know where to attack. Having it be an alias to your primary email is a good thing as you need to pay attention for things like “unrecognized login” email warnings. Plus addressing is an easy way to accomplish this for those without their own domain name.
Concern about forgetting the email really is no different than concern about forgetting the password. Both are very real risks that can be addressed with an emergency sheet.
Having a unique/hard to guess email for Bitwarden is not necessary. But it’s not bad either.
Email aliases are a great way to maintain good email hygiene.
A couple of months ago I bought a domain and added it to my email aliases subscription.
And since then, everywhere I have a subscription that requires an email (and Bitwarden is no exception) I generate a random email on that domain that I use exclusively on that service.
This way, when one of those aliases begins to receive spam, I just have to delete it and change it for a new one.
And the reason for doing it with my own domain is to have an easy migration path in case the aliases service I currently use closes, raises prices unreasonably, or whatever.