[New Feature Request] Dialog identify when site login is by Social Network

So many sites now a days use Social Networks as login options. It is hard to remember if a specific site is using Google/Facebook/LinkedIn or custom login provided by that site directly. It would be great when you create a new Login instance in 1Password that identifies if SNS is used and what account it was. Then in the browser plugin (for example Google Chrome) when you select that site in the extension for login, if an SNS is used, it shows a lightbox dialog that says " hey! for this site, you actually used Google Accounts: [email protected], please select this option for login" (or something along those lines).


1Password Version: 4.6
Extension Version: 4.4.3.x
OS Version: Windows 10 Pro
Sync Type: Dropbox

Comments

  • brentybrenty

    Team Member

    It would be great when you create a new Login instance in 1Password that identifies if SNS is used and what account it was. Then in the browser plugin (for example Google Chrome) when you select that site in the extension for login, if an SNS is used, it shows a lightbox dialog that says " hey! for this site, you actually used Google Accounts: [email protected], please select this option for login" (or something along those lines).

    @JeffKozloff: Interesting! (Un)fortunately 1Password only sees the login form itself, which will be at a URL for the single-sign-on site you're using (e.g. a Facebook login form will come up with a Facebook URL), so in these cases 1Password doesn't actually have any information about the site you're trying to log into using the single-sign-on.

    The chief problem with this, however, is that this would mean having 1Password offer logins for sites other the the one you're on, which is a Bad Thing™ 99% of the time.

    Personally, I save this information in the Notes section of logins so it doesn't get in the way, but it also searchable in the main 1Password app using "Search All Fields". That makes it easier to keep track of all of this, but it's important to be very circumspect about the sites you login to using single-sign-on, as a flaw in that process then means possibly exposing your credentials to a large number of sites, rather than just one. For example, I don't have payment information stored in my Facebook account, but if I use it to login to a shopping site, my Facebook login being compromised could then result in financial exposure as well.

    So while it would certainly be convenient(!) for 1Password to help manage this sort of thing, we're not going to go that route unless we can do it in a way that doesn't pose a security risk. :)

  • Hi Brenty! Thanks for follow-up! Maybe some visuals will help with my idea as I think maybe we are not on same page???

    Let's take Agilebits own forum we are in now. It has two methods... home grown login authentication OR Google Accounts. So I create a new entry in 1Password

    After user selects "Social Network Authentication" (Sorry for poor labeling :blush: ) they can then select one of many Social Networks such as LinkedIn, Facebook, Google+, MS Account, etc. They are then provided a text box where they can type username (as they might have more than 1 login to that given social network.

    now when I come to AgileBits Support forum and select Agile Bits in Google Chrome plugin then presented with infro dialog that you actually use another authentication option. Very hastily drawn example shown below of user flow.

    I think this flow will result in minimal security risk, while still providing sufficient information to the user without needing to open 1Password desktop application.

    Just some thoughts I wanted to share :)

    Thanks!
    Jeff

  • Greetings @JeffKozloff,

    It's an interesting idea although not one that would be backwards compatible as it would seem to require 1Password to be aware on every platform.

    You can kind of achieve the same idea while you wait. Don't get me wrong, it's a bit hacky sure but it would work. You create a Login item for the site in question and you only set the username, using sentence that informs you of what service or Login item you need to really use (like your message but a bit more terse). You then set the submit option for just that Login item to Never submit and this would leave the message in the username field for you to view. It's like a poor man's message version of what you described.

    It's an interesting notion that somebody else brought up recently, that's when I thought of the above suggestion as a way to assist. You've fleshed it out though - for those that use Single Sign On Authentication I can see how it might be useful.

  • I'm just here to say that I'm looking for something like what @JeffKozloff is proposing. Anything to remind me that I signed in with Google, Facebook, etc. would be helpful. I really like the idea that @littlebobbytables offered and I will start doing that, but a slicker solution would be welcome. Just to throw out ideas, look at the following screenshot:

    If there were a Facebook or Google icon beside 'Agilebits' to suggest I logged in using one of those, that would be nice. I'd be happy to set that info manually, and I understand that it would only show up while on the domain of the site I'm looking to log in to. All I'm looking for is a hint that I used SSO.

  • brentybrenty

    Team Member

    @spacebaby: Ah, yes, that could very well be helpful! We'll certainly consider that and other ways we can improve this in the future. Just keep in mind that changes like this will show up in the current version of 1Password, so if and when we add this you'd need to upgrade to take advantage of it. Thanks for the feedback! :)

  • Hi @spacebaby,

    If you found value in my suggestion then there is a modification that could be made that might help here.

    Let's say you use Google for your SSO needs. If you edit the Google Login item you should be able to select the Google icon and use ⌘C to copy that icon, even though it's just a Rich Icon that was set by 1Password. You would then cancel the edit command as we don't actually want to edit the item at all, merely we want to 'borrow' the icon. Now you would edit the intended target, select the icon you want to replace and then use ⌘V to replace the Rich Icon for this Login item, setting a custom icon that is the icon for Google. I don't know if that is of any use to you or not while we look into the suggestion.

  • Hey @littlebobbytables. I tried the copy/paste icon trick and it seems nice. That plus using the Notes section on a Login Item (in case I don't notice the icon and forget that I did this trick) seems good enough for me. I only use SSO for < 5% of my logins anyway. Thanks.

    Thanks for your responses as well, @brenty!

  • Hi @spacebaby,

    I'm glad we could work something up that is manageable for you now rather than waiting for a change at some point down the line :smile:

  • MY 2 cents, this should be optional only. Thanks

  • Hi @Steve_H,

    At the moment the entire workaround is a manual set of steps and anything implemented would be based on what the user instructs 1Password. I can't see how we could make it anything but optional so you should be fine here.

This discussion has been closed.