Suggestion: 1Password should alert when a password that is being filled is insecure or common

1Password prompt when filling via browser extension should provide a visual notification when you are using a common or insecure password and give a quick and easy way to generate a new one to replace it. This would be helpful to update old passwords I have in 1Password that I should be updating to generated ones.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:alert insecure

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @3rdparty: This isn't something we're going to do in the short term, as it would require checking the password against a large (to put it mildly) database, but if it becomes feasible in the future I think it would be a great additional to Watchtower. Thanks for the suggestion! :)

  • 3rdparty
    3rdparty
    Community Member

    @brenty Thanks for the prompt reply. When I said common I mean common amongst my own saved passwords, not a generic list from the Internet. It would help me to use 1PW more effectively as a visual reminder to update to a more secure password on a site by site basis. Cheers

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hello @3rdparty,

    I can see the potential in what you're asking for but my one concern is treading the fine line between useful prompting and it becoming nagging at which point the forums and our email would likely explode from irate users. When we first introduced the authorisation between the extension and 1Password it drove some people nuts because there are certain cases where the user could be prompted more than they should be and their point of view is entirely understandable.

    If it could be developed to be encouraging but not overly irritating then maybe it could help improve people's security. Until then though don't forget about the Security Audit feature in 1Password, at least if you're on a Mac. I think it does everything you would want except for the more aggressive prompting that you think would be beneficial. By aggressive I simply mean any prompting versus the more passive nature of the current security audit feature.

This discussion has been closed.