feature request: search by current password
Hi
Not sure if this is where I ask for a feature request ... but here it is.
I'd like to be able to search by current password ... ie ... show all sites where the current password is abc123. This would make it much easier to find all those sites using a password which may have been stolen and posted on the internet.
This came up when I received an email from Pandora stating that my username and password had been found on one of those sites where they post those things. It was NOT stolen from Pandora!!
Peter.
Come to think of it ... this might be a great idea for Agile ... search for their customer names/email addresses on those lists of stolen ids and advise their customers!!
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:search by current password
Comments
-
Hi @pbedouk,
Thanks for taking the time to send us your suggestion!
It's actually already possible to search for all items with the same password: simply type that password in the 'Search' field in 1Password. If you see a button that says "Expand Search to All Fields" at the bottom of the search results, click that. Any item containing that same password should be listed in the results. To make it a bit easier, click on the magnifying glass in the Search field (while that field is empty) and select "Search All Fields". Now you won't need to click the "Expand Search to All Fields" button when searching for a password.
There's another way to see items with the same password: In the left sidebar of 1Password, click Duplicate Passwords (which is listed in the Security Audit section). That will list any item that has the same password as another item. This might be an even more helpful way to find items with the same password because it looks in the main password field and ignores the 'previously used passwords' section.
Hopefully this helps, but please let us know if you have more questions about that. Cheers! :)
0 -
hi ... thanks!
I did use the search all fields option ... which does what it says ... searches all fields ... including previously used passwords. I was trying to find those sites where the current password matches the search field. This would just speed up the process, which is quite doable with your suggestion!
The security audit is a better way ... and quite revealing too.
Thanks again.
0 -
Hi again,
the helpful folks over at Pandora passed on this website to me. Might be helpful to your customers to find out if their email is part of the more than 1 billion accounts which have been hacked.
Peter.
0 -
Hi @pbedouk
On behalf of Drew, you're welcome! Just a comment, if you want to make sure you don't have duplicate passwords anymore you can click on "Security audit" on the left, under the categories and you'll see that one of the options is "Duplicate Passwords". It can help you navigate your duplicates and make them all unique even before they are compromised!
Thank you for the link you gave us, I'd be curious to learn more about this site and what exactly they take into account to give you an answer!
If you have any other questions, please don't hesitate to ask :chuffed:
0 -
The HaveIBeenPwned website is an awesome service provided by Australian security researcher and trainer Troy Hunt (@troyhunt on Twitter). He trains all over the world and writes Pluralsight courses on security. The HaveIBeenPwned site maintains a list of compromised email addresses by site (with careful considerations and no passwords saved) to determine if your account was compromised at a particular site. Troy has written extensively about it on his blog and Twitter and I believe he's a frequent recommender (and user) of 1Password. I searched his site name here to see if it had been mentioned before; I was kind of hoping to see the API for his site integrated in 1Password as part of the alerts system to warn of passwords that might be compromised that are stored in 1P, though I know that might be an issue since the current AgileBits approach is to download the compromised site list and check offline to avoid data leakage. But I'd like to see it integrated somehow as an option. Sorry to hijack the thread, happened to be the first HaveIBeenPwned site mention I found, as I noted :-)
0 -
@dszp: No, I'm glad you brought that up! First, I feel like a bit of a dolt not knowing that Troy was Australian...though I suppose that's not at all relevant. :lol:
But yeah, HaveIBeenPwned is a great service. You make an excellent point about Watchtower: we're really focused on not knowing anything about the sites our customers visit, so it's always something we need to consider. Perhaps we'll find an elegant solution though. :)
0 -
@brenty I wonder if there's a way to either use the HIBP service as part of Watchtower's sources to at least determine if a site has been compromised (maybe it already is?) from the list of breaches HIBP maintains, which could be used and notified locally as it always has been with Watchtower (I don't actually know what sources Watchtower uses, haven't seen an official list anywhere). And/or, there could be a link within 1Password to HIBP with or without a specific email address from the UI that people could use themselves. Just seems to be a good opportunity for some synergies (caution: buzzword bingo :-)
I've watched some of Troy's Pluralsight videos (he has some free videos on his site as well)...if you've seen or heard him speak, there's no doubt he's from Australia! He's been interviewed on a few security podcasts as well (I think Risky Business is the most recent interview I can recall hearing him on, but could have been another, I listen to 5-6 of them).
0
