Ask HN: Best practices for using email to log in to important online services

2 pointsColonelBlimp3y ago1 comments

I might be overthinking this but it seems to me that using your email account both as a tool to communicate and as your personal identifier to log in to critical online services like bank accounts or password managers is problematic.

Is using 2FA in both my email account (although, if I'm not mistaken, 2FA doesn't work for POP3/IMAP accounts) and in, let's say, my bank account a reasonably secure option that address the apparent contradiction of using a public identifier (i.e. email account) for something that should be kept private (part of the information required to access your money, tax information, etc.)?

Do you have email addresses/aliases that you use exclusively as usernames for critical/important online services and not for communicating? Are there "best practices" when it comes to separating the use of email as a communication tool and as personal identifier/username? How do you manage this?

Or, as I said at the beggining, am I overthinking this?

1 comments

1 comments · 1 top-level

LunarAurora3y ago

IMO Aliases help. there is a difference though that people often overlook :

Some services like Outlook mail and Apple mail (for free ones) do not allow you to log in with the alias. This could be considered more secure, I guess.

In contrast, In others (like yahoo and gmx) you can log with any of them, and they are also all clearly "visible" (in the settings).

j / k navigate · click thread line to collapse