Temporary Email with Access Code

What Is an Access Code?

When you create a temporary email on NukeMail you get a unique access code in the format NUKE-XXXXXXXXXX. This code is the only thing linking you to your inbox. There isn't a username, a password or an email address on file. You just have a short string you can write down, paste into a note or take a screenshot of.

The server creates your access code using cryptographically random characters that mix uppercase letters, lowercase letters and digits. There are roughly 839 quadrillion possible combinations. This makes it impossible for anyone to guess your code by trying random strings.

Think of it like a locker key at a train station. You put your stuff in, you get a key, you walk away. Come back with the key and your stuff is there. If you lose the key nobody can help you, but nobody else can get in either.

The access code shows up in your inbox the moment you create it and you can copy it with one click. Some users save it in a password manager. Others jot it down on paper. Some screenshot it on their phone. The way you store it doesn't matter as long as you have it when you need it. NukeMail intentionally doesn't send the access code by email because that would require having another email address on file. That would defeat the privacy model entirely.

Why Not Just Use a Password?

Passwords require identity. You need an email address or username to link them to, so the service now knows who you are. That ruins the point of using a disposable email service. The goal is that you leave no trace of your real identity behind.

Access codes remove the need for an account system. There's no signup form, no forgot password flow, no email verification (which would be ironic for a temp email service) and no profile page. You get a code and use it when you need it. Once your inbox expires, the code stops working.

Security-wise, access codes avoid the risks found in password systems. There is no password database to breach. There isn't a weak password to brute-force. You don't have to worry about password reuse vulnerabilities either. Each access code is unique, randomly generated and time-limited. When the inbox is deleted, the code becomes inert. It doesn't protect anything anymore because there is nothing left to protect.

This also means NukeMail has nothing to leak if a data breach happens. There aren't any password hashes to crack. There aren't any email addresses to expose. There isn't any personal data stored with your temporary inbox. Your access code is your identity. When the inbox gets deleted, the code becomes meaningless.

Using Your Access Code Across Devices

One practical advantage of access codes over cookie-based sessions is portability. If you create a temporary email on your laptop and then need to check it from your phone, you just enter the access code. You don't have to deal with a log in on another device flow or a QR code to scan.

NukeMail remembers your session automatically with a secure cookie if you stay on the same device and browser. You can refresh the page, close the tab or open a new one because your inbox stays. The access code is a fallback for when you switch devices, clear your cookies or use a different browser.

You can use this when you sign up for a service on your computer but need to verify the email from your phone or the other way around. You aren't locked to the specific device where you first created the inbox.

The cross-device flow is easy. On the new device, visit NukeMail and click "Have an access code?". Paste your code and you are in your inbox right away. The new device gets its own session cookie so future visits on that device happen automatically. Both devices can have active sessions at the same time. There isn't a "logged in elsewhere" limitation or a forced logout.

What Happens When Your Access Code Expires

Free access codes remain active for 24 hours after creation, giving you full access to read and receive emails. After 24 hours, the inbox enters a locked state for an additional 13 days. During this locked period, your access code still works. You can see who emailed you and the subject lines, but the email content is inaccessible unless you upgrade to premium.

Once 14 days pass, your access code stops working for good. The database clears out your token along with every email address and message linked to it. If you try to enter the code after that, you'll just see a message explaining that your inbox has expired.

Premium users keep their access code alive while their paid time hasn't expired. Even after premium time runs out you've got a three-month dormant window before deletion. Renew it soon. This gives you time to re-up if needed.

How This Compares to Other Temp Email Services

Most temporary email services lack any way to keep your inbox active. You open a tab to get a random address, but if you close that tab or clear your cookies, the inbox disappears. Services like 10 Minute Mail and Guerrilla Mail are built around this short-term model. This works for quick verifications, but it fails if you need access for more than a few minutes.

Some services give you a recoverable address but force you to create an account. This collects your personal information and defeats the whole point of using a private inbox. NukeMail works differently because you get a way to return to your inbox without handing over any personal data. The access code system is the specific tool that makes this possible.

Mailinator makes inboxes public so anyone who knows the address can read the emails. That is convenient but creates obvious privacy problems. NukeMail access codes stay private to whoever has the code. The inbox isn't accessible through the email address alone because you need that specific code to get in.