I’ve long been a fan of both Bitwarden for password security and email aliases for privacy, but I recently discovered a slick solution that combines the benefits of both.
The process involves connecting Bitwarden’s username generator with DuckDuckGo’s masked email service. While it’s a bit tricky to set up, it ultimately gives you an easy way to create unique emails and passwords on any app or website you visit, all in one place. Best of all, it’s free with no usage limitations.
This column first appeared in Jared’s Advisorator newsletter. Sign up to get more tech tips every Tuesday.
Random passwords + unique emails
Let’s back up a little bit.
Bitwarden, if you’re unfamiliar, is a free password manager. When you sign up for an app or website, it can generate random passwords every time so you don’t end up using the same (or similar) passwords everywhere. Having unique passwords for each site means that if hackers steal your password from one place, they can’t use that password to break into your other accounts.
Masked emails—also known as email aliases—apply this same concept to email, letting you hand out unique, randomly generated email addresses that forward to your main inbox. Using masked emails is helpful for several reasons:
- They protect your identity in a security breach, as your true email address never gets exposed.
- They keep your true email hidden from marketers that want to built a profile around it for ad targeting.
- They let you permanently block emails to any alias you’ve set up.
- They’re handy for redeeming extra free trials or new customer discounts.
While masked emails are great in theory, remembering to set them up can be hassle, so last year, Bitwarden started integrating masked email services directly with its password manager. This allows users to generate unique emails and randomized passwords all in one place.
Initially, all of Bitwarden’s masked email options had their own subscription fees or usage limits. That changed in late 2022 when Bitwarden quietly added support for masked emails from DuckDuckGo, which lets you generate an unlimited number of email aliases for free.
Jared Newman / Foundry
While DuckDuckGo offers its own browser extension for creating masked emails, it comes with a big trade-off: Installing the extension prevents you from using any other search engine besides DuckDuckGo.
Bitwarden’s tie-in provides a workaround. You get the benefits of DuckDuckGo’s unlimited email masking, but without having to use DuckDuckGo’s browser extension and search engine. It also works in Bitwarden’s mobile app, providing an easy way to create masked email addresses while signing up for apps.
Bitwarden + DuckDuckGo
From here on, I’ll assume you’re already a Bitwarden user.
To set up the DuckDuckGo connection, you’ll need a desktop web browser running on a computer, not a phone. You’ll also need to temporarily install the DuckDuckGo web browser extension, then set up the Email Protection feature.
From here, the setup gets funky, so follow these steps closely:
- From DuckDuckGo’s email autofill page, right-click anywhere on the page and select “Inspect” from the context menu.
Jared Newman / Foundry
- You should see panel of developer tools slide in next to the webpage. Click the “Network” tab at the top.
Jared Newman / Foundry
- On the DuckDuckGo site next to the sidebar, click the “Generate Private Duck Address” button.
- In the developer panel sidebar, click on the word “addresses.”
Jared Newman / Foundry
- In the sidebar, scroll down until you see the words “authorization: Bearer,” followed by a long string of letters and numbers.
- Copy the long string of letters and numbers (without the “authorization: Bearer” portion) to your clipboard.
The text you just copied is your DuckDuckGo API key, a unique code tied to your account that’s required to set up email masking.
Treat the API key like a password and do not share it with anyone. If you want to generate masked emails on more devices other than your current one, I suggest storing it as a secure note inside Bitwarden. That way, you can access it later on your other devices.
Now, it’s time to plug that API key into Bitwarden:
- Click the Bitwarden extension icon or open the app.
- Select the “Generator” tab at the bottom.
Jared Newman / Foundry
- In the “What would you like to generate?” section, select “Username.”
- Under “Username type,” select “Forwarded email alias.”
- Under “Service,” select “DuckDuckGo.”
- Under “API key,” paste the string of letters and numbers you copied earlier.
- Hit the Reload icon at the top and confirm that a duck.com address appears.
Once this is set up, you can generate masked email addresses directly from Bitwarden’s login creator. Just hit the + button at the top of the app, hit the Reload icon in the Username field, then hit the Reload icon at the top to create an email and hit “Select.” You can then use the “Password” field underneath to create a random password to go with it.
Jared Newman / Foundry
As I alluded to earlier, Bitwarden doesn’t sync your DuckDuckGo API key across devices, so you’ll need to paste it into the Generator tab on every device where Bitwarden is installed. Once you’ve done that, you’ll be able to create masked emails from anywhere.
Finally, don’t forget to uninstall DuckDuckGo’s browser extension from the device where you first set everything up. Otherwise, you’ll be stuck using DuckDuckGo’s privacy-centric search engine whether you want to or not.
Other options
This isn’t the only way to create secure passwords and masked emails in tandem. Some other options worth noting:
- I’ve previously recommended Ironvest (formerly Abine Blur) for masked email addresses, and it also has a password manager built in. The free version has no usage limitations, it works on any device, and its browser extension can create new email addresses with one click when you’re signing up for a website. (I’ve considered using this in place of Bitwarden but am staying put for now.)
- Apple offers an email masking feature, called “Hide My Email,” for paid iCloud+ subscribers, and it pairs nicely with the built-in password management features in iOS and MacOS. It’s best avoided if you don’t exclusively use Apple products.
- 1Password offers email masking for users of the Fastmail email service only.
- Bitwarden’s other email masking options include SimpleLogin, AnonAddy, Firefox Relay, and Fastmail. All have usage limitations for non-paying users, but have other benefits that could make them worth considering. (Firefox Relay, for instance, can mask your phone number as well.)
Sign up for Jared’s Advisorator newsletter to get more tech tips in your inbox every Tuesday.