This is an automated archive made by the Lemmit Bot.
The original was posted on /r/protonmail by /u/GoatLord8 on 2023-09-26 00:21:04.
Hi, I am a completely new Proton user, it’s been on my radar for some time now but I have now finally made the move!
One of the things ProtonMail offers that really appealed to me was the Aliases. As someone who previously had several Gmail accounts for different use cases and to be sure that if 1 is compromised, it won’t compromise them all, being able to have several addresses under 1 proton account instead of multiple proton accounts sounded like a great idea! However, after a bit of testing, I now realize that you can use any of the aliases to log into your proton account, meaning if 1 is compromised, they are all compromised, not just 1.
This make me wonder, am I missing something here, if not, what is the use case for aliases then? I had assumed their purpose was so that you could use the aliases instead of your actual protonmail in order to protect it, but if any alias can be used to log in then that’s kind of redundant? For example, say I wanna register for a website I don’t fully trust, my thought was that I could then create an alias so that if that website has faulty security and a leak occurs, my actual mail isn’t leaked, only the alias is. But since you can use the alias to log in, then that means if a leak occurs then my actual mail is technically leaked anyway…
Based on Protons own description, it also does seem like this was the intent? “Proton Mail aliases are email addresses that allow users to keep their real email address hidden while still being able to receive, reply, and send emails to the sender without revealing their actual address.” But your account still isn’t hidden, as any alias can be used to log in, they are essentially nicknames or alternative log in usernames…?
I do acknowledge that this does increase your individual account security, instead of having 1 mail for all accounts, you have several for different accounts, however, it would have been great if this also protected your Proton account…?
Would love to hear if I have missed anything or just have a discussion about this!
As a side note, does anyone know how many Security keys Protonmail supports? I usually like to have 1 mail key and 1 back up, but the interface sort of make me feel like it only supports 1 key.