How Password Managers and Email Aliases Work Together
A password manager gives every account a unique password. Email aliases give every account a unique email address. Together, they create complete compartmentalization: no two accounts share any credential. A breach on one service reveals nothing about your other accounts.
The problem with shared credentials
Most people use one email address everywhere. When that address appears in a data breach (and it will), attackers have a key that works across every service you use. They try your email + leaked password on every popular site. If you reused the password anywhere, they are in.
A password manager solves half the problem (unique passwords). Email aliases solve the other half (unique email). Together:
- Service A knows you as
shop-abc@cleanbox.mewith passwordX7$kQ9... - Service B knows you as
social-xyz@cleanbox.mewith passwordmP2#nR... - A breach on Service A reveals nothing useful for Service B
The workflow
Signing up for a new service
- Open your password manager (Bitwarden, 1Password, etc.)
- Create a new login entry for the service
- Generate a random password (the password manager does this)
- Open Cleanbox and create a new alias (e.g.,
servicename@cleanbox.meor use the random generator) - Add a note to the alias so you remember what it is for
- Use the alias as the email and the generated password to register
- Save both in the password manager entry
Logging into an existing service
- Open your password manager
- Find the entry for the service
- Autofill the alias email + password
When an alias gets compromised
- Disable the alias in Cleanbox (one click)
- Create a new alias
- Update the service's email in account settings
- Update the password manager entry
Setup with popular password managers
Bitwarden
Bitwarden has built-in email alias integration with several providers (including addy.io and SimpleLogin). In Settings → Options, you can configure an alias service to generate aliases directly from the Bitwarden popup. While Cleanbox is not yet integrated as a direct generator, you can store your Cleanbox aliases manually in each login entry's username field.
1Password
1Password supports "Masked Email" through Fastmail integration. For Cleanbox, use 1Password's login entry to store your alias as the username. 1Password's Watchtower feature alerts you when a stored email appears in a known breach — including your aliases.
Any password manager
The integration does not need to be automatic. The workflow is the same with any password manager: create alias, create entry, paste alias as username, generate password, save. The extra 10 seconds per signup buys you complete credential isolation.
Real-world example
Your password manager vault might look like this:
| Service | Email (alias) | Password |
|---|---|---|
| Amazon | amazon-shop@cleanbox.me | kR8#mQ2$nP5... |
linkedin-pro@cleanbox.me | xJ4&vL9*wT1... | |
| Netflix | netflix-watch@cleanbox.me | bN6!hY3@cF8... |
| Bank | bank-secure@yourdomain.com | pQ7%dK1#mW4... |
A breach at LinkedIn reveals linkedin-pro@cleanbox.me with a password that works nowhere else, tied to an email that is only used for LinkedIn. The attacker has nothing useful.
How many aliases do you need?
Most people have 50-200 online accounts. You do not need to migrate them all at once. Start with:
- High-value accounts first — Banking, primary email, password manager itself
- Shopping and social media — Most likely to be breached
- New signups going forward — Every new account gets a unique alias from day one
- Old accounts gradually — Migrate a few per week as you encounter them
Cleanbox's plans scale with your needs: 3 aliases on Free, 10 on Personal, 30 on Premium, 100 on Advanced.
