Feature request(s) in light of Heartbleed
It would be nice to have an official security question & answer section for all web log ons, on par with the username and password entries. Then follow that up with a security audit to be able to find websites that are sharing the same security answer across different websites. The idea that I could go through easily and eliminate overlaps so I can not be impersonated either electronically or over the phone. With Heartbleed, it seems possible that any transmitted data included security Q&As, standing payment instruction, etc. could have been captured along with user credentials.
The other idea I had was a referential mapping between hardware and applications (what apps are installed on which hardware devices). Great to know in case of a device theft, and with such a feature, easy to know exactly which passwords need to be updated to render the device's apps useless.
My final idea, it would be great to be able to map which websites hold standing payment instructions (ie. credit card details, bank account details, etc). Same idea, have your wallet stolen, which websites need to be updated to remove reference to the dead card. Close a bank account, which sites need to be updated to remove reference to the dead account.
Comments
-
I think question & answers should be handled on a per-site basis, so it would be possible to integrate that information right into the cards instead of creating a new section (but perhaps I'm misunderstanding you). In the meantime, you can do it yourself until Agile figures out a way to capture that information with their browser plugin. It's easy to add new fields to a card and call them whatever you want. I agree that an audit tool would be a welcome addition.
In terms of your third idea, I asked them for this a couple of months ago on Twitter and still think this would be a great feature. It's (probably) fairly easy for 1Password to monitor which sites you use the credit card auto-fill on. There's always the risk of feature-creep, but I think the benefits outweigh the risks here.
0 -
Thanks so much for the requests here!
It would be nice to have an official security question & answer section for all web log ons, on par with the username and password entries.
Currently, I store my security question and answers within the entry in custom fields. While I agree that it could be useful to add a Security Audit feature to monitor when these answers are the same, I might have an even better idea for handling those security questions. With 1Password installed, why bother telling the truth in those answers? Have a read through our blog post here: My father’s middle name is vR2Ut1VNj. I have to say, this is one of my favourite tips that I have learned working here. Randomly generated answers will ensure that you are not using the same answer to the same question on multiple sites. Just a thought. :)
The other idea I had was a referential mapping between hardware and applications (what apps are installed on which hardware devices).
My final idea, it would be great to be able to map which websites hold standing payment instructions (ie. credit card details, bank account details, etc).
I think these are great ideas. In part you can monitor this for yourself already using Tags. I've added an 'address' tag to any Login that requests my address, so I know where I'll need to update my address if I move, and a 'credit card' tag for all sites that have my credit card information saved. I agree, it would be great if 1Password could do this automatically, and I'm happy to pass your request along, but it's nice to know that you can already get some of this functionality already!
0 -
Thanks Megan,
I am already migrating security questions and answers to randomized text strings. I just wish there was a more formal place for this information and some level of security audits conducted on those fields. During the migration process, I'd like to know which items were the highest priority for migrating because they share some information.
I use tags extensively and unfortunately, the tag field isn't as user friendly as it used to be. Tags are not wrapping on screen, so if you have too many, you can't see all the tags assigned to a record. If this method is to be the official recommendation, the data in tags field needs to be wrapped on screen.
0 -
Hi Parasight,
I didn't mean to make a new section on par with Logins, Secure Notes, Credit Cards, etc. I mean to say that records in "Login" ought to have to have a revised structure, with a security questions and answers section/fields akin to the "Login" and "username", "password" fields. Username and password fields are not custom and have security audit features to look for shared passwords. My idea is that security questions and answers should be added as a non-custom feature and function the same was as username/password fields, with corresponding security audit review tools built around.
Thanks!
0 -
Thanks so much for clarifying your thoughts here. At this point, tags are the best way to achieve the functionality you're looking for. You're right, they're not quite perfect yet, and our developers are looking to polish this feature out in the future. Your feedback helps a lot! :)
0
