Do you use simplelogin for important things like banks and loan institutions?

Sure, every “serious” bank I know uses SMS for 2fa though. Only crypto or crypto adjacent stuff has an email option. Your reality will of course vary, which is why one cannot make the assumptions @dngray makes

Alternatively one could use aliases provided by email provider, such as those provided by mailbox.org

2FA to login, or 2FA to authenticate during purchases or transfers?

If the former, ouch.

For both its either sms or no 2fa at all. Bigger transactions do normally require sms 2fa, for smaller ones and logins it might or it might not, depends on the bank. Users arent given any choice on the matter.

yeah… After news reports on rampant abuse and fraud with some banks their answer was to request an sms token for every little action, even browsing their apps, each tab/button you click, just navigation, not even doing anything, triggers an sms token. Of course, that hasnt solved the problem

I do.

Not to hide from banks but to know if they sell my information and to isolate my email from full enumeration during breaches

Might also be good to add. There are many banks that upload you mail address to Facebook for advertising exclusion/inclusion. Using aliases is also defending you somewhat against the impact of that.

You absolutely right of course but email and text are the only options offered by the vast majority of U.S. banks and they tend to flag VPN access too. To eliminate SIM-swap risk I use a dedicated proton email and VoIP# that have never been used elsewhere. Because Banks here consider SIM-swaps to be low probability/low impact events it took 8 phone calls totaling 150 minutes, an in-person visit and several weeks for all dept’s in my bank to understand and accept what I was trying to do.

I do. Proton Pass and SimpleLogin aliases (both operating same infrastructure) are really trustworthy and reliable.

But I would not recommend using random aliases for such things to avoid human factor. It is better set something like this [coins].[random]@[alias domain]. For more privacy and security (to not reveal alias purpose if it will leak) avoid using real company names in alias. Instead use something like “centsmail” for banks, “thatshop” for shops etc.

Most banks will not argue about aliases, but if something, contact alias provider and bank.

Yes, bank already knows almost everything about you, but here is pros using aliases with such services:

  • If you decide to quit such service you will be able to stop every single messages from them forever. No more special prices or other SPAM
  • Purely hypothetical scenario, if some leak happens bad actors won’t be able just to brouteforce your real email
  • This will isolate your life. For example data broker won’t be able to have something important from alias mail
  • If you will receive something you don’t ever received on your alias it will tell you that there is a data leak and you should change passwords and email alias in affected service. Also it can indicate that this service sold your data.

Same here :slight_smile:

Crime is funny? Because impersonation is a crime.

As the time goes by, this sentence is only proven to be more & more false.

Hours? The longest Ive ever had to wait for CS to pick my connection was 5 minutes…

Just the opposite. Registrars that have been around for ages are less likely to close down out-of-the-blue. And are trustworthy.

Antifraud mail-filters employed by bank will not flag you.

1 Like

The best thing what you can do ever. Simply isolate every single account. This will prevent SPAM, sells to data brokers, phishing attempts and other crap.

Unfortunately, it is truth. It is still not high possibility, but it’s better to take action before it will be too late. Even if we won’t talk about banks hack, there is still data brokers, and I simply want to isolate myself from them as much as possible

1 Like

Agree with this part.

1 Like

It’s funny because that’s not impersonation at all. A logical person should know that’s an alias, not an attempt to impersonate the bank.

Impersonation is when you say that you are the person you, in reality, are not.

Logical person vs. not logical computerized system

Yes. For shopping I even using temporary email from AdGuard because their addresses not recyclable (nobody (except AdGuard) will be able to access your emails after deletion)

1 Like

This is not advisable. If you ever need to request them to delete your data at a later date you will not have that option.

2 Likes

Dropmail also not recyclable, claims not to store anything, has forwarding feature.

You are about Adguard Temp mail?

They claims to delete everything after 24 hours

The banks in my country share everything, for example, email, phone number, home address, my income, my service subscriptions, and so on. It’s part of their business model. And in that, anyone can buy this information at the bank’s counter.

However, I wouldn’t want to use an email alias with my bank, since the email is used for things like verifications, security alerts, etc. It needs to be reliable. Now, I am using Gmail with my bank to ensure compatibility, while my main email is with another service.

Also, I agree with this if anyone want to use a temporary email with their banks:

Not only in your country. There are many such things, but often not publicly acknowledged.

Alias is not temp mail, something like SimpleLogin or Proton Pass aliases is reliable enough for such things.

Horrible solution. Gmail can know what exact banks you are using and can target ads on you. I advise you to create separate privacy respecting email account for that

Yes, I know. But there are still concerns, like what the OP asked at the opening of this thread. And the banks already know you more than enough, especially, trying to hide your email from them seems like a pointless idea.

As I said, it’s not my main email. So, it doesn’t matter much.

There are many ads block solutions available. If you mean the email ads, this one is the least issue, since Gmail filtered out most email ads in a separated promotions tab.

As I contact with banks, the privacy is not my best concern. I would use other things for that, cryptocurrency, for example. However, the compatibility issues like I won’t miss my bank’s security alerts just because it goes straight to a spam folder is my best concern with the banks.

They can still target you with SPAM like “we miss you” when you are leaving them.

Yes, but it is still google. You are connecting to their servers. They can track you by this information