multiple e-mail accounts

Tell us what features would make LastPass even better and vote for features that are most important to you

Moderators: admin, anatoly_LP, chantieLP, robyn, JoeSiegrist

multiple e-mail accounts

Postby jorhett » Mon Feb 15, 2016 10:00 am

Due to my involvement in multiple organizations I have more than a half-dozen e-mail addresses people know me by.

I'd like the account preferences to support the listing of alternate e-mail addresses, such that people can share LastPass secrets with me according to the e-mail address they know. And likewise that I can share out to someone using an e-mail address they expect to see.
jorhett
 
Posts: 49
Joined: Mon Jan 04, 2016 3:16 pm

Re: multiple e-mail accounts

Postby jorhett » Sat Nov 26, 2016 6:10 am

bump.
jorhett
 
Posts: 49
Joined: Mon Jan 04, 2016 3:16 pm

Re: multiple e-mail accounts

Postby ggonline » Thu Dec 29, 2016 9:32 am

How would you do that and allow secure sharing via email address?
ggonline
 
Posts: 20
Joined: Wed Nov 06, 2013 6:51 pm

Re: multiple e-mail accounts

Postby jorhett » Wed Jan 04, 2017 3:15 am

ggonline Wrote:How would you do that and allow secure sharing via email address?


I fail to grasp your question. It's trivial to support multiple e-mail addresses bound to a single account. Basic relational database simplicity.

Paypal, Google, Facebook, LinkedIn really everything allows you to be addressed by any number of e-mail addresses. I am the core developer for numerous account management systems myself, and I speak from experience when I say this isn't hard.
jorhett
 
Posts: 49
Joined: Mon Jan 04, 2016 3:16 pm

Re: multiple e-mail accounts

Postby mike808137 » Fri Jan 06, 2017 4:10 pm

I think I understand what he's asking. And I think the answer is "LastPass doesn't do that". What he's talking about is that he works with several other people at other places, say clients, and *they* want to share *their* lastpass folders with him. Except that his different clients know him by way of different email accounts.

For example, I'm "the Web Guy" for a couple of companies, administrating their website. They all use LastPass, so they setup a shared folder and give me my own email account on their system so that their stuff doesn't leak out of the company and stays under their control should we part ways down the road. So I've got:

WebGuy@companyONE.com and a separate WebGuy@CompanyTWO.com. I've got my personal LastPass account using my personal login email of theboss@companyTHREE.com.

Company ONE shares their web admin passwords with me through webguy@companyone.com, and the same for company TWO at webguy@companytwo.com.

What jorhett is asking, I think, is to login to LastPass under multiple accounts (maybe the passwords for accessing the webmail for company one and two are entries in his personal LastPass account under his personal email with company three), and then switch between the different LastPass accounts.

If they are sharing with your personal Lastpass account, I'm not sure why you aren't seeing each client/company's shared folder under your main account vault. You might want to have them put some customer ID or name in the folder name they share with you instead of all of your clients calling their shared folder the same thing and causing confusion when five clients try to share a folder with you and they all call the shared folder "WebGuy"..
mike808137
 
Posts: 288
Joined: Tue Feb 24, 2015 12:04 pm

Re: multiple e-mail accounts

Postby jorhett » Mon Jan 09, 2017 12:20 am

Nope, I'm asking for something simpler. I have no idea where you got all that multi-account stuff, my original request was quite clear.

I want to be able to add aliases that people know me by. That way if they say "share with webguy@somewhere.else" LastPass will know it's an alias for me@webguy.com (for example).

This request is trivial, and doesn't change logins, password ownership, nothing. Just the ability to receive shared passwords at multiple different e-mail accounts without creating a new LastPass account for each one.
jorhett
 
Posts: 49
Joined: Mon Jan 04, 2016 3:16 pm

Re: multiple e-mail accounts

Postby ggonline » Wed Jan 11, 2017 6:16 pm

I understand ( just email aliases). I agree that could/should be simple to implement technically. Then it would be the users responsibility to manage. I have only a personal account, not corporate, so I don't know if any of this is in that version (or planned). If so, LP would want the user to upgrade to corporate. If not, if could be "similar" to an offline LDAP (Lightweight Directory Access Protocol) system (have the data/credentials, but not integrated at OS/filesystem level. I don't have problem with it, but wonder if LP thinks this would be to difficult to users to manage (get to trouble an ask for help)? Or if the have the same mindset/policy as Facebook - only one account, RealName no aliases.
ggonline
 
Posts: 20
Joined: Wed Nov 06, 2013 6:51 pm

Re: multiple e-mail accounts

Postby mike808137 » Fri Jan 13, 2017 2:50 pm

jorhett Wrote:Nope, I'm asking for something simpler. I have no idea where you got all that multi-account stuff, my original request was quite clear.

I want to be able to add aliases that people know me by. That way if they say "share with webguy@somewhere.else" LastPass will know it's an alias for me@webguy.com (for example).

This request is trivial, and doesn't change logins, password ownership, nothing. Just the ability to receive shared passwords at multiple different e-mail accounts without creating a new LastPass account for each one.


You _are_ asking for multiple account management. And that's not a siimple or trivial problem to solve, despite being a trivial to describe convenience for you.

How, exactly can LastPass be sure, from the viewpoint of the owner of the password being shared, that only "me@webguy.com" has access to their password? How does the company know that you're not setting up an "alias for teh-hackerz@competitor.com"? I don't think the company allows you to decide what their password management and control policies and practices are.

Enterprise (or people) sharing of passwords is managed by the sender. They call the shots, as it is their password and what that password gives access to. Not you, not the person receiving the password. They are trusting that you do not, in turn, share that password with anyone else - You may know that the "anyone else" is really you, but what LastPass has to protect from, is that the owner of that password sharing it with you doesn't.

The problem is that email address is being used as an "identity" in a world where email addresses have no actual identity value, particularly at large anonymous email services (gmail, yahoo). .

How do we, or LastPass, or the enterprise or person sharing their password with you) know "goodguy@trustedpartner.com" is NOT an alias for "badguy@hackerz.com"? If badguy tells lastpass his account is really an alias for goodguy?

It might seem simple user management to you, but what you're really doing is trying to force the people who share passwords with you to agree to your personal choices about what's an "alias" or not, and that their security and management policies about identity and access to passwords they are going to share with you don't matter.

The sender of the password has decided to share that password with "me@webguy.com", and not with "anonymous@somewhere.else". You want to violate that, and I'm pretty sure that is not what the sender and owner of the password thinks they are agreeing to by sharing with "me@webguy.com". If you need the sharer/owner of the password to share it with "webguy@somewhere.else", then get them to do so. The problem is your multiple (online) personalities, not their, or LastPass' inability to deal with them.
mike808137
 
Posts: 288
Joined: Tue Feb 24, 2015 12:04 pm

Re: multiple e-mail accounts

Postby ggonline » Sat Jan 14, 2017 3:22 pm

Can login/passwords be reshared or copied? Can they be shared by someone other than the original owner? I sure hope not. I believe some can be shared in a hidden form (click the link to login without revealing the actual data). If restricted to one owner-shareduser link and aliases are used for display purposed only, it might work. Aliases would be like a custom name for an email sender not related to any authorization data/credentials, like an brand or tracking name for advertisements. The actual login/password/authorization would be a button or dynamic and encrypted link available only via LastPass (in other words NOT reshareable or unless without of LP). The non-owner could use it only from LastPass and not copy or see the actual details. Also, a security and management restriction, the account could only be managed via a single master login. Aliases could not be used to login to the LP acct, only for the one-level of indirection from the owner. That would make it work with and respect 2-factor login for LP itself, and seemingly restrict it to classic plaintext login/password authentication.

I am just thinking of possible design mechanisms that would be acceptable to me personally. I don't have an need for this currently.
ggonline
 
Posts: 20
Joined: Wed Nov 06, 2013 6:51 pm

Re: multiple e-mail accounts

Postby jorhett » Sat Jan 14, 2017 3:59 pm

mike808137 Wrote:You _are_ asking for multiple account management. And that's not a siimple or trivial problem to solve, despite being a trivial to describe convenience for you.


As I've built many account management systems myself, I am positive that it's not hard regardless of how you don't understand. I would be happy to debate how trivial this is to solve technically, but the remainder of your post proved you don't understand the use case nor the risks. So my e-mail focuses on helping you understand these.

mike808137 Wrote:How, exactly can LastPass be sure, from the viewpoint of the owner of the password being shared, that only "me@webguy.com" has access to their password? How does the company know that you're not setting up an "alias for teh-hackerz@competitor.com"? I don't think the company allows you to decide what their password management and control policies and practices are.


I'm not talking about corporate accounts. And LastPass doesn't deal with how people manage their passwords today. My request doesn't change that. (yes, LastPass provides a way for people to store and retrieve passwords, but they don't manage compliance today nor would they if they supported multiple e-mail addresses)

mike808137 Wrote:Enterprise (or people) sharing of passwords is managed by the sender. They call the shots, as it is their password and what that password gives access to. Not you, not the person receiving the password. They are trusting that you do not, in turn, share that password with anyone else - You may know that the "anyone else" is really you, but what LastPass has to protect from, is that the owner of that password sharing it with you doesn't.


Note that LastPass doesn't address or solve this problem today. Nothing LastPass does prevents me from sharing a password I get with someone else. So your entire line of thinking is specious.

In reality, you're making my argument for me. A person or business knows me by one name/e-mail. They don't know this other e-mail I give only to banks and security-related things. They want to send e-mail to the name and address they know me by. When they go to review who they have shared a password with, they want to see a name/e-mail address they recognize. That's the problem here.

mike808137 Wrote:How do we, or LastPass, or the enterprise or person sharing their password with you) know "goodguy@trustedpartner.com" is NOT an alias for "badguy@hackerz.com"? If badguy tells lastpass his account is really an alias for goodguy?


Again, you're making my argument for me. They deal with me at a certain e-mail address. They want to share to the e-mail address of the person they have interacted with previously.

mike808137 Wrote:It might seem simple user management to you, but what you're really doing is trying to force the people who share passwords with you to agree to your personal choices about what's an "alias" or not, and that their security and management policies about identity and access to passwords they are going to share with you don't matter.

The sender of the password has decided to share that password with "me@webguy.com", and not with "anonymous@somewhere.else". You want to violate that, and I'm pretty sure that is not what the sender and owner of the password thinks they are agreeing to by sharing with "me@webguy.com". If you need the sharer/owner of the password to share it with "webguy@somewhere.else", then get them to do so. The problem is your multiple (online) personalities, not their, or LastPass' inability to deal with them.


You are amazingly confused. The person sharing the password wants to share it with ME, a singular individual. Furthermore, they do not want to be in the business of tracking multiple e-mail accounts I am known by. So the goal of the change is to enable them to share with the address they know, not force the owner to track multiple e-mail accounts. Me having multiple e-mail accounts is for the convenience of the owner, not a convenience for me. I would be just fine using a single e-mail account with my employers, friends, etc ;-)

And the real problem here is that their competition handles this just fine so if this continues to be a problem, then I will move from LastPass to another service and take three different corporate accounts and more than a dozen other friends and family with me. So yeah, this really is LastPass's problem.
Last edited by jorhett on Sat Jan 14, 2017 4:23 pm, edited 1 time in total.
jorhett
 
Posts: 49
Joined: Mon Jan 04, 2016 3:16 pm

Next

Return to Feature Requests

Who is online

Users browsing this forum: No registered users and 16 guests