Option to Control Alias Access for Enhanced Security
Hi team,
I would like to request the addition of a feature in ProtonMail that allows users to disable alias logins or restrict login access to specific aliases.
Currently, aliases can use the same password for login, which raises security concerns as it feels like having multiple back doors that could be exploited if an attacker gains access.
Implementing a way to manage alias login permissions or disabling them entirely would enhance security and align with best practices for credential management.
Thank you for considering this feature request.
-
Revive commented
Wow, you are absolutely right. They really said exactly what you mentioned in my Reddit post. I don’t really understand their perspective. Maybe they have sophisticated algorithms to prevent it, but I don’t think so. I believe their sentinel is just a logging mechanism with system and human monitoring—nothing more. It seems more like they are being overconfident to me. To me, it’s the same as 15 accounts using the same password. I regret becoming a paid user.
-
Davie commented
And they’re going to tell you that it doesn’t affect security at all. That as long as you have a good password and 2FA, you’re good.
I don’t really understand, how having 15 possible logins to the same account, is not less secure than having only one.
How is having 15 chances, the same as one?