Choose which alias can log in to Proton
Hello. Outlook.com now lets you choose which alias can be used to log in to the account, to improve security.
Why doesn't Proton Mail do the same thing? With this we are protected from botnets (credential stuffing or brute force), because we can create an alias and don't share the username with anyone.
My preference would be to never use my primary Proton account to log in to Proton apps. I would prefer to use an alias to do that so my primary is never exposed.
I like the idea of a check box to enable/disable the alias as a login option.
There is a similar idea here https://protonmail.uservoice.com/forums/945460-general-ideas/suggestions/46755520-alias-does-not-enter-the-main-account.
Perhaps they should be merged and votes added together?
This is a critical security feature. We should be able to prevent aliases from being used as a login. A simple checkbox next to each alias to prevent it being used as a login would work.
Daniel Travassos commented
It would be very good to add an alias option in which the alias only serves to receive and send emails, without the possibility of logging in with it. If any service registered with the Protonmail account is leaked, there is no risk of a login attempt, further increasing security and privacy.
John Dozius commented
Dear Awesome Protonmail people,
I really like the Protonmail function to be able to create multiple e-mail addresses.
This means I can share an e-mail address with a website and they do not necessarily have my main e-mail address.
The benefit of this approach is that should they get hacked or compromised (which is quite likely as webshops are often targets of these types of attacks), the attacker does not have my main e-mail address in their 'loot' so to speak.
In the current situation, however, they can still attempt to log in with that gained e-mail address and start brute forcing etc.
What I would like is to eliminate the possibility for them to log in entirely.
I would like to have the option to assign usage rights / privileges to the specific e-mail addresses individually.
My intention is to have one master e-mail address, the only e-mail address that can be used to open the Protonmail interface.
I would like all the secondary e-mail addresses to not be able to log in to Protonmail, but just be able to send and receive e-mail (while logged in with the master e-mail).
This means, should they be compromised, an attacker isn't able to do anything with the Proton e-mail address / user account information they stole.
(I know of course payment information stored in the webshop database itself is still a risk, but that's a concern I have to take up with the webshop and a different step in the process to create a secure environment.)
I am referring to the section 'Addresses and identities'.
Here is what that could look like:
Addresses and identities:
1. E-mail address 1: Master E-mail. Rights: All rights, can log into (all) Protonmail (apps), can manage account, subscription etc.
2. E-mail address 2 (shopping): Send and receive. Rights: Limited rights, can send and receive e-mail with itself as sender, cannot log in to Protonmail or Protonmail apps.
3. E-mail address 3 (old deactivated): Deactivated, archive. Rights: No rights, inbox still visible as archived e-mail, cannot log in to Protonmail or Protonmail apps.
That's just a quick sketch, feel free to change it to your own version. I have more ideas about that if you want.
Anyway, the characteristic of this approach is that some e-mail addresses created should not have all usage rights to Protonmail / apps.
The benefit of this approach would be that if our e-mail address is compromised because a webshop or streaming service has poor security (which is likely at some stores), our main Protonmail is not at risk of login by a malicious person.
Worst case scenario they could send a spam e-mail to you with my approach. Then you could simply deactivate that e-mail address / identity and create a new one for that webshop or streaming service.
In the end our security as Proton users is most important and perhaps this is a good idea to help improve security further.
I hope you all agree and make this idea happen.
Thanks for reading and have a great day all!