Do you use simplelogin for important things like banks and loan institutions?

I’m worried about the potential loss of access to an account if something somehow happened with my simplelogin aliases or my Proton account’s connection to them. They’re always very complex and difficult to give to customer service agents, and it’s not as simple as just getting back into that email. What happens if they disconnect somehow?

1 Like

I would not use them for things like banks no. There is no privacy gained as they already know who you are and this belongs to a “known identity”.

You can also make simpler aliases (random words) as well as custom aliases eg facebook@example.com, just note though that with the free domains that are provided on a free SimpleLogin account, they may trigger fraud detection systems or be banned.

7 Likes

I do. Not for privacy for all the reasons @dngray mentions but because I like to have separate emails for all my accounts. It makes it much easier to manage my emails or to deal with any account being caught up in a data breach.

Never had any major issues with using an alias email for a bank. Only minor problem I have run into, is that sometimes they will call to confirm its your real email (as it can seem suspicious, especially if you are changing from an email that you have had on the account for years).

This may be getting to into the weeds but if you use a brokerage account, you can usually have more then one email on file. For example, I use an alias email for most things but the brokerage has another email on file if there is a real emergency.

6 Likes

Same here but i use custom domain so essentially catch all but via simplelogin cuz that is easy.

It still allows me to move away.

I basically have no accounts on my main email anymore.

1 Like

I also use SimpleLogin (with a custom domain) for banking and financial accounts for a similar reason: it’s very effective as an anti-spam/anti-marketing-email tool when they’re coming from addresses that are separate from those sending important notifications.

A funny moment I encountered regarding this naming scheme was that when I called the customer service of a particular company and provided an email alias that contained the company name (like your example), the rep asked me if I worked at that company. :laughing:

3 Likes

I once got my account terminated by the bank because my alias has their name. The bank claimed that I’m impersonating them. If I really want to impersonate them why I hand you that address? It’s really funny.

1 Like

I had the same experience several times too haha.

3 Likes

There is if they are breached (and you have to assume everyone will be at some point). It happened to me recently, fortunately I was using an alias!

Yes, but with a custom domain.

I do as well. It’s only a mildly inconvenient process to get my email address changed at the bank. So there’s no major worry of being locked out.

Unlikely with a serious bank as they do tend to employ professionals to make sure that doesn’t happen. Secondly, there is likely a lot more sensitive data that a bank would posses about you, besides your email address.

If you do still use an aliasing service with a bank I would use a custom domain.

4 Likes

I use Simplelogin for financial because they spam me more than any other account I have.

Those aliases stay turned off unless I
need to receive a 2fa code which doesn’t happen very often.

I don’t risk it. Wouldn’t put it past my banks to lock me out of my account merely because they detected a suspicious email address. I would then have to spend hours waiting in a telephone queue with customer support.

I use a custom domain with a prefix I only give out to my banks. I don’t see the privacy gain of using aliasing addresses for banks. They are definitely on spam lists anyway. I use them for trash sites and newsletters.

I feel like there are two problems here,

  • Using a SimpleLogin alias
  • Using a custom domain alias using SimpleLogin.

These two are very different. If you use a SimpleLogin alias, you are beholden to SimpleLogin. Assuming you have no way of accessing the account without access to the email address, you are trusting SimpleLogin to continue to exist.

If you use a custom domain, you are relying on your domain registrar.

Even if you use a reputable domain registrar, it’s really tricky to determine whether you can trust them enough to stay online for the foreseeable future and beyond. My question is, what factors should you consider when making that judgement?

I feel like Bank accounts are a bad example. Every bank is different, but I think most major banks would deal with these sorts of problems every day, and it would be a simple matter of contacting your bank and telling them that you need access to your account but you don’t remember your email address.

Also, banks shouldn’t use email addresses for authenticating its users. That’s really bad practice. Email addresses should just be for notifications and general, less sensitive, stuff.

I wouldn’t use SimpleLogin, but I can’t give you a good reason why I would trust my domain registrar over it. And that troubles me, because there’s no indication one has more staying power than the other.

The point that @dngray makes about privacy is kind of a non-problem. While using an alias can be useful for masking your identity, this is only the case if your alternative is using a personal email address. I believe email aliases provide more security than privacy, ie. using an email alias with your bank is a good idea but not for privacy reasons.

I know Americans have a lot of trust in banks, a very old school way of looking at them. Perhaps its warranted, idk. Most people dont live in the USA though :wink:.

Yes, but they normally wont be sharing that more sensitive data with third parties for marketing and analytics, which is where some of the leaks come from.

Also, if I have an address I only gave to one bank and suspect its bern compromised I know which entity got compromised and can change it, thus making it harder for someone else to steal access to my account. Sometimes email and phone number or email and some other identifier are enough to get tgem to reset a password or pin. Email is what can be more easiy changed.

Why?

I know Americans have a lot of trust in banks, a very old school way of looking at them. Perhaps its warranted, idk. Most people dont live in the USA though :wink:.

Indeed. Most people are also dead.

Don’t almost all banks these days still use the same ledger system they used back in the 70s?

Why?

I’m pretty sure the only reason you want to use a custom domain over a random alias service for sensitive accounts, is because you own your domain (unless you use a middle-man service like njal.la), and you can “take your email with you” so to speak, and move to any email service you want. But who do you trust more to not disappear forever, SimpleLogin or your domain registrar?

Yes I do. Not because I want to be “anonymous”. I just don’t wanna SPAM or anything like databases leak. Furthermore, if I will decide to quit some of these companies, I will be able to cut all contacts with them to avoid SPAM like “We have good deal for you” or “We miss you”

1 Like

or “leave your review”, “feedback wanted”, " $10 voucher", “trustpilot”, “rate us” all these things go straight to spam

And regardless of what the answer to that is, what makes a bank special when considering such things? I can easily change the email address they have on file…

That’s my point though, for banks specifically, it’s a “known identity” where you can verify yourself in other ways and regain access. But if you can still access the account with just your email address and password, that’s not an issue.

Where it’s an issue is where you need access to your email to receive 2FA codes. It’s pretty arbitrary what services use this method to authenticate, some are low priority, others are…banks.