unlimited user
My feedback
5 results found
-
507 votes
unlimited user
commented
Been a paid user for years and was surprised to find this security issue while doing a personal audit on attack vectors. This is a critical issue, so much so that I'm in the process of deleting all aliases so I'm left with a single email address. I will be transitioning to creating hide-my-email aliases in Proton Pass.
This is unfortunate because there is a use case for "permanent" Proton Mail aliases and "temporary" Proton Pass emails. Increasing my attack surface at login is not an option so, again, I will be burning all aliases even though I depend on some of them.
I believe the lowest lift to develop this feature would be to give the user the option to log in by username ONLY (no email address derivatives). The ability to select which email alias is designated for the username could be the next iteration.
unlimited user
supported this idea
·
-
30 votes
unlimited user
supported this idea
·
-
23 votes
unlimited user
supported this idea
·
-
227 votes
unlimited user
supported this idea
·
-
683 votes
unlimited user
supported this idea
·
I commented on this and labeled it critical long ago. As I see more and more comments and no acknowledgement from DEV, I believe it’s due to how foundational this issue is as it relates to the codebase and how obvious it is that it should be a feature/fix (I work in software dev). Fixing this would be a huge effort, and acknowledging this opens up a self-proclaimed weakness and negates one of the benefits of paying (aliases that are assumed to not be an attack vector). As soon as it’s acknowledged, it enters the backlog and the clock starts ticking but, again, if this is an epic lift then they might not want this monster in the backlog, especially when they have to admit that the current state is not ideal from a security standpoint. My hope is they are aware of the concern and low-key working on this. Keep losing hope as more and more time passes though.