dylanh724:
However, associated account linking is still pretty nice - some would even say necessary. I’m sure not everyone uses the same email for everything (I don’t) for different reasons. Some may also use aliases (eg, me+someAlias@gmail.com):
@dylanh724, that’s my situation. I don’t merely utilise RFC 5233 sub-addresses, but different local parts (albeit, with the same subdomain) per service:
opened 04:40PM - 22 Jul 23 UTC
enhancement
0. Needs triage
### Is your feature request related to a problem? Please describe.
I utilise an… obfuscator for all of my e-mail addresses. [^1] Because it offers infinite aliases, I use a different alias *every* time I give my e-mail address to someone. However, I ensure that they're all under the `@rokejulianlockhart.addy.io` domain, so that they can be identified as me by a human. However, this isn't good enough. I use different aliases to combat spam, not be anonymous.
[^1]: [`github.com/anonaddy/anonaddy`](https://github.com/anonaddy/anonaddy/blob/16933763d0c37c97068fe05b2e7e9e57ca4d860c/README.md#what-is-a-standard-alias)
Additionally, when messaging others, I ensure that I add an RFC 5233-compliant sub-address with my name to their e-mail address, [^2] so that they can filter all messages from me (even if I'm using a different alias for my own filtering purposes). Others use the same when communicating with me, especially family. The current identification system doesn't take sub addresses into account whatsoever.
[^2]: [`meta.discourse.org/t/129490/9`](https://meta.discourse.org/t/how-do-i-enable-associated-accounts-with-2fa/129490/9?u=rokejulianlockhart)
### Describe the solution you'd like
I should therefore be able to set `RY7I0I+RY7I0R@rokejulianlockhart.addy.io` as an e-mail address, and beneath it add, for instance, the undermentioned:
```regex
[A-Za-z0-9]+\+[A-Za-z0-9]+@RokeJulianLockhart\.Addy\.IO
```
…in another input form to ensure that Nextcloud identifies any (in this case sub-addressed) alias as me.
### Describe alternatives you've considered
The sole current alternative is to list literal tens of thousands of aliases as myself, which is insane. It also wouldn't work, because the service generates a new alias when someone else uses one, so I'd have to retroactively add those whenever someone else uses one. It also wouldn't account for sub-addresses.
### Additional context
Like most more powerful features of Nextcloud, this only *need* be visible when clicked on. Adding a button beside each e-mail address to show a form which allows the user to enter custom regex is enough.
Additionally requested at:
1. [x] <del>[`feedbackportal.microsoft.com/feedback/idea/ed4261f8-af28-ee11-a81c-6045bd8534ad`](https://feedbackportal.microsoft.com/feedback/idea/ed4261f8-af28-ee11-a81c-6045bd8534ad#:~:text=Allow%20specifying%20regex%20to%20match%20an%20e%2Dmail%20address%20to%20a%20contact.)</del>
1. [x] [`discussions.apple.com/thread/255016441`](https://discussions.apple.com/thread/255016441?sortBy=rank#:~:text=Allow%20specifying%20regex%20to%20match,%20%20%20%20https://developer.apple.com/forums/thread/734290.)
1. [x] [`developer.apple.com/forums/thread/734290`](https://developer.apple.com/forums/thread/734290?answerId=801868022#801868022:~:text=Is%20your%20feature%20request%20related,%20%20%20%20https://github.com/nextcloud/contacts/issues/3530%23issue%2D1816825315.)
1. [x] [`bugzilla.mozilla.org/show_bug.cgi?id=1845009#c0`](https://bugzilla.mozilla.org/show_bug.cgi?id=1845009#c0:~:text=User%20Agent:%20Mozilla/5.0%20(X11;%20Linux,case%20sub%2Daddressed)%20alias%20as%20me.)
Others utilise different local parts and a generic domain that doesn’t relate to them, for which this cannot even theoretically be supported any other way.
Consequently, I want to explain that the undermentioned is nonsensical:
[…] the reason being is that your associated accounts can also be compromised, and AFAIK associated accounts bypass the 2FA restriction on forum accounts. That is why 2FA suppresses associated accounts. Associated accounts can be compromised, especially without 2FA allowing bad-actors to therefore, log into your forum account as well.
I’ve 2FA enabled. Currently, via TOTP, but shall be via CTAP1, when the undermentioned has been resolved:
Use case: As a user of a website with multiple Top Level Domains (TLD), I want to be able to store multiple passkeys for one Vault Entry. Reason: Passkeys are made so that they are usable only for one relying party ID to avoid phishing attacks...
This is solely for username-plus-password entry. Instead, I’ve also CTAP2 1FA active for the account. It’s also active for all possible OAuth alternatives, thereby rendering the stated rationale for preventing connecting alternative SSO options quite outdated.
It’s also quite confusing for someone who isn’t aware of the restriction:
Consequently, I advise that this not be the default, especially whilst the undermentioned remains:
With enforce_second_factor_on_external_auth enabled, if a user attempts to log in via social auth they get to this screen:
[image]
But the option to log in via passkey is missing. It should be added to this screen.
That, plus the general dissuasion toward 2FA, means that it’s a net security negative.
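An added example, not part of the original post and not Nextcloud or Discourse code: how the alias pattern from the feature request above behaves when used to decide whether an address belongs to an account. It assumes Python's `re` module, and every sample address except the first is constructed. The pattern has to be applied to the whole address and case-insensitively, because a substring match also accepts addresses on other domains.

```python
import re

# Pattern copied verbatim from the feature request quoted in the post.
ALIAS_PATTERN = r"[A-Za-z0-9]+\+[A-Za-z0-9]+@RokeJulianLockhart\.Addy\.IO"

# Domain names are case-insensitive. Without IGNORECASE the mixed-case domain
# in the pattern rejects the lowercase address given in the same request.
_ALIAS_RE = re.compile(ALIAS_PATTERN, re.IGNORECASE)


def is_owner_alias(address: str) -> bool:
    """True only if the entire address matches the owner's pattern."""
    # fullmatch anchors both ends: nothing may precede or follow the match.
    return _ALIAS_RE.fullmatch(address) is not None


def is_owner_alias_unanchored(address: str) -> bool:
    """Weak variant for contrast: true if the pattern occurs anywhere."""
    return _ALIAS_RE.search(address) is not None


# Sample addresses. The first is from the post; the rest are constructed
# (example.net is a reserved documentation domain).
SAMPLES = [
    "RY7I0I+RY7I0R@rokejulianlockhart.addy.io",
    "shop42+Roke@ROKEJULIANLOCKHART.ADDY.IO",
    "RY7I0I@rokejulianlockhart.addy.io",
    "RY7I0I+RY7I0R@rokejulianlockhart.addy.io.example.net",
    "x+y@rokejulianlockhart-addy.io",
]


def classify(samples=SAMPLES):
    """Return (address, anchored result, unanchored result) per sample."""
    return [(a, is_owner_alias(a), is_owner_alias_unanchored(a)) for a in samples]


if __name__ == "__main__":
    for address, strict, loose in classify():
        print(f"{address:55} fullmatch={strict!s:5} search={loose}")
```

The fourth sample is the case that matters for identity matching: only the anchored check rejects an address that merely begins with the owner's alias.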