New to 1Password. Noticed some minor issues, but looks like a password manager is the way to go. Just have to hope it's secure and the info stays secure.
One reason to use a password manager is you can use random usernames for every website without having to remember them or having to use the same username everywhere, as that's what most people do when they have to remember usernames. The randomness for every site is added protection to help keep a fraudster from linking your various accounts together. I've read of people getting hacked up because a fraudster linked a bunch of their online accounts together and went from company to company data-mining their credentials from employees, for example. The story that's been going around about the guy who had his computer and phone wiped out, for example.
One problem with that is most places have you use an e-mail for log-in vs. a random username you pick. Though a lot of places that use a username for log-in, like forums, also broadcast that username, which could make using a username less secure than an e-mail address in those examples.
Or they have it set up where you can use either a username or e-mail to log in. So most people have one or two e-mail addresses, and use that to log into all of their sites. So essentially half of your log-in credentials will be the same for a bunch of websites. The other problem is your e-mail address is probably floating around on lists, and so they can use that e-mail list to try and break into sites since they have half of the log-in credentials. Who knows how well those sites protect the attempts to log in. As I believe some places use a hash and/or salt to help keep brute force attacks low? I just know that how a site manages the way you log in can determine how secure that site is compared to another.
Anyways, using an e-mail address for log-in is a huge flaw. One way people hack into accounts is doing the "forget password" and having a reset password sent. And if they gain access to your e-mail account, then they could use that to get into a bunch of your online accounts by doing a password reset.
I was wondering if anyone knows of a secure desktop type e-mail system that lets you set up alias e-mail accounts? Was thinking of something similar to 1Password except it manages your various e-mail aliases and also receives e-mails that aren't kept/stored on a server after being downloaded. Or a secure e-mail client that is on the server that lets you set up aliases? I noticed Outlook lets you set up alias e-mail accounts, but it is really limited. Also Outlook would let you pick one or more alias e-mail accounts that are allowed to log into Outlook. The benefit here is you could pick just one e-mail alias that you have set up that is the only one allowed to log into the Outlook account. And you would never share or use that alias e-mail account, thus keeping it off of lists or other places.
The idea I had was to create a new random e-mail alias to use for the e-mail log-in for each site. And this e-mail alias would only be used for that site to log in, and never shared or used to send e-mail or mentioned anywhere. But the kicker is that e-mail address will still take in e-mails, say, notifications from the website you are using it with. So you can still get notifications of new messages or whatever. Thing is you could manage all of the aliases in one secure account.
One bad thing about, say, PayPal is the e-mail address people normally use to log in is the same e-mail address that is used to send payments to strangers. Hopefully this new Apple Pay that is coming out is set up a lot more secure.
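
The per-site alias idea described in the post above, sketched as an added example that is not part of the original post and not code from 1Password or Outlook. The `AliasVault` class, the `mail.example` domain and the assumption of a catch-all mailbox on a domain you control are all hypothetical.

```python
import secrets
from dataclasses import dataclass, field

ALIAS_DOMAIN = "mail.example"  # assumption: a domain you control with catch-all delivery

@dataclass
class AliasVault:
    """Hypothetical registry holding one random, never-reused alias per site."""
    domain: str = ALIAS_DOMAIN
    by_alias: dict = field(default_factory=dict)  # alias address -> site domain
    by_site: dict = field(default_factory=dict)   # site domain -> alias address

    def alias_for(self, site: str) -> str:
        """Return the alias for a site, creating it on first use."""
        site = site.strip().lower()
        if site in self.by_site:
            return self.by_site[site]
        while True:
            # 10 random bytes (20 hex chars), not derived from the site name,
            # so two aliases cannot be linked to each other or to the owner.
            alias = f"{secrets.token_hex(10)}@{self.domain}"
            if alias not in self.by_alias:
                break
        self.by_alias[alias] = site
        self.by_site[site] = alias
        return alias

    def classify(self, rcpt: str, sender: str) -> str:
        """Decide what to do with a message from its recipient and sender."""
        site = self.by_alias.get(rcpt.strip().lower())
        if site is None:
            return "reject: unknown alias"  # address was never issued
        # The From address is spoofable, so the domain match is only a hint;
        # a real mail setup would also check SPF/DKIM results.
        sender_domain = sender.rsplit("@", 1)[-1].strip().lower()
        if sender_domain == site or sender_domain.endswith("." + site):
            return f"deliver: {site}"
        # Mail to a site-only alias from someone else means the alias got out.
        return f"flag: alias issued to {site} used by {sender_domain}"

if __name__ == "__main__":
    vault = AliasVault()
    addr = vault.alias_for("forum.example")  # constructed sample site
    print(addr, "->", vault.classify(addr, "notify@forum.example"))
    print(addr, "->", vault.classify(addr, "promo@bulk.example"))
```

Because each alias is used at exactly one site, mail arriving at it from any other sender shows which site's address list leaked, and that alias can be retired without touching the others.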