Couple Feature Suggestions [Security Audit improvements]

BasilFawlty
Community Member
edited January 2018 in Mac

First, in Security Audit, it would be nice to have the option to ignore "Weak Passwords". There are some logins that, believe it or not, require a weak password. For example, Ssa(dot)gov: incredibly, Social Security requires no more than 8 digits and only letters and numbers. No special characters, etc. As a result it was always getting tagged as "Weak". I did a workaround by typing in my password, then adding to the password like this: "X1FSR4DQ<<First 8 Characters Only" (this is not my real password, obviously). I'd really like to be able to just have the correct password but have the Security Audit ignore it, since I have no choice.

Another one I'd like to see is the ability to tell Security Audit to ignore certain duplicate passwords. For example, my logins for my Apple ID and iCloud are exactly the same. I'd love to be able to tell the Security Audit to ignore those because I have no choice but to have them the same. I have other similar examples, like on a personal server I own, where my cPanel and FTP logins are the same. Etc.


1Password Version: 6.8.5
Extension Version: 4.6.12
OS Version: 10.13.2
Sync Type: Dropbox

Comments

  • Hi @BasilFawlty

    Thanks for taking the time to write in with this feedback! We’d absolutely like to implement improvements to Security Audit like this and others similar. For example, sometimes PINs which are restricted to 4 digits get flagged as weak. They are, but obviously in most cases PINs are limited within those restraints. I don’t have any sort of timeframe or guarantee to provide, but it is definitely on the “nice to have” list. :)

    Ben

  • BasilFawlty
    Community Member

    That's good to know. 1Password is a terrific product, but like anything, there is always room for improvement. As an aside, I spent the last 25 years of my 44 years in the military and as a defense contractor doing operational test and evaluation that included a lot of Human Factors of complex software systems. 8-)

  • AGAlumB
    1Password Alumni

    Yeah, human factors are rough. Thanks for the kind words, and for "taking one for the team" so to speak. :lol:

  • [Deleted User]
    Community Member

    Regarding PINs, there’s a very good article by Nick Berry at DataGenetics that looks into whether all 4-digit PINs are of equal value (no surprises: they’re not), PIN analysis.

    And a lot of thoughts on entropy at Information Security – When choosing a numeric PIN, does it help or hurt to make each digit unique?

    Perhaps 1Password could differentiate between regular passwords and PINs, then PIN analysis could be carried out to help us steer away from the weaker numbers.

  • Lars
    1Password Alumni

    Thanks for weighing in, and for the links, @neeklamy! :)

This discussion has been closed.