Ask HN: Setting up custom domain for email

1 agent008t 3 5/18/2025, 3:22:46 PM
Following up on earlier thread about what setup to use for main email account. Consensus appeared to be 'Get a custom domain (e.g. with Cloudflare) and use it with e.g. Fastmail'. The plan is to then make that email address the cornerstone of my online security, use it for password manager recovery etc.

The domain registrar and the email hosting then appear key to the whole security model – if they are compromised, all other accounts are.

So I'm trying to work out the details of how to go about it.

E.g. which email should I use with the registrar to buy the domain? Some throwaway one, which I then change to the new domain I am purchasing in a circular fashion once it is set up? Is that a good practice, or too risky for recovery should anything go wrong?

If I use a separate email address to buy the domain, then it seems that email becomes crucial to the security of it all, and then why even bother with paying for the domain and Fastmail etc. if I am relying on some pre-existing email account?

I'm probably way overthinking it, but since I'm working on this at all and the stakes are rather high I'd like to set things up properly, for decades.

The goal is to achieve reasonable security against:

1. Attacks that are not highly sophisticated or targeted
2. Getting arbitrarily locked out by Gmail etc., potentially then losing access to other important accounts
3. Me locking myself out by forgetting some secret

It seems surprisingly difficult to find a best practice guide for this scenario, how to set up a password manager with it, which recovery information/backups to keep offline etc. Information I find is either too vague or overly involved (after all I don't want to dedicate all my time to maintaining security, just want a reasonable setup). Any practical advice appreciated!

Comments (3)

koakuma-chan · 5h ago
> Consensus appeared to be 'Get a custom domain (e.g. with Cloudflare) and use it with e.g. Fastmail'.

Huh, that's literally what I do!

> E.g. which email should I use with the registrar to buy the domain?

Not saying you should do this, but I use a fastmail masked email address as my Cloudflare email address.

> use it for password manager recovery etc

The cool thing about fastmail is that it has an integration with 1Password where, if you need to register at a website, you can quickly generate a masked email (e.g. cool.boat1337@fastmail.com) via the 1Password extension at the same time you generate the password. It's really nice.

agent008t · 4h ago
By 'fastmail masked', you mean an email on the fastmail domain, right? I.e. something123@fastmail.com? So that if there is a problem with your domain, you can still log in to your registrar even if they want to, say, verify your identity by sending a code to your registered email address?

koakuma-chan · 3h ago
Yes. Fastmail has a feature that allows you to generate masked email addresses, e.g. "funny.hat123@fastmail.com" (also known as temporary email addresses). Emails sent to these addresses still arrive in your inbox, but you can easily block them any time. They are suitable for making accounts at garbage websites, so that you can block their spam any time. In fastmail though those email addresses are permanent (they won't disappear on their own after X minutes or anything like that).