Feature request: username filter and generator

Boosh
Community Member

I have dozens of usernames for various websites and email accounts I've created over the years. For security and privacy reasons, when I create a new account somewhere, I'd like to avoid re-using a username that I've already created but forgotten about.

Unfortunately, there is no way -- as far as I know -- to filter and display just usernames in 1Password. That, I think, would be a very helpful feature to add. As would a username generator so I don't always have to spend 30 minutes trying to come up with a username.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Ben

    Hi @Boosh

    Thank you for taking the time to write in with these thoughts. We generally do not recommend randomizing your usernames. From our Chief Defender Against the Dark Arts, Jeff Goldberg, in April 2013:

    Although given common attacks, there might be some slight security gain by using an obscure username, I think that the suggestion is not just a violation of Kerckhoffs' principle, but it is contributing to a real problem we have with confusion about what should and shouldn't be secret.

    (emphasis mine)

    You can read the whole thread in context here. As such I don't imagine we would spend time building features that encourage this practice. That said, that advice was admittedly from some time ago, and it is possible things have evolved since then. I'll bring the subject up with our security team for further consideration. :+1:

    Ben

  • Boosh
    Community Member

    Interesting. I would think that re-using the same username with many accounts would benefit an attacker because they could then assume you might be re-using the same email address for that account as well. So, they could piece together more easily a profile of you based on your posts on Reddit, for example, and your interests based on which websites you use. I imagine this would make doxxing easier, as well as phishing and social engineering. But maybe I'm overthinking this and being too paranoid.

    By the way, on a related note, I was trying to use 1Password's search filters on the username field and it seemed like it was broken. I used the "Username is not" filter to exclude certain usernames or email addresses that I've used repeatedly but they weren't being excluded. For some reason, 1Password still displayed some, but not all, of those logins with the usernames I was trying to exclude. I'm not sure if it's a bug or if I'm using the filter wrong or if there is a limit to how many filters you can apply.

  • Lars
    1Password Alumni

    @Boosh - there are (as you've no doubt already seen in that thread from 2013) differing opinions on the subject. But I've learned to place a great deal of weight on jpgoldberg's opinion; he is usually right. There's no harm, per se, in being duckdogdevil on one site and babaloo42 on another and rtuv4567v%&5RxcYd on a third, if you want to keep your identities separate (or at least in certain cases you want that). But by the same token, there's also nothing wrong with being Boosh everywhere -- and in some cases where "branding" is important, it's critical for some people. In both cases, however, the username shouldn't be assumed to be (or used as) part of the security mechanism -- that's what both jpgoldberg and Kerckhoffs' Principle are getting at.

    Regarding search, that seems to be working here: what specific steps were you taking? Did you use "Show Search Options" in the main 1Password app, like this?

  • Boosh
    Community Member
    edited June 2019

    @Lars I read the forum link above as well as about Kerckhoffs' Principle. I won't stress about my old login accounts that re-use the same username.

    As for the search filters, yes, I clicked on the Search Options. I tried it today and it seems to be working but there is still some weirdness. I created several "username is not" filters and added several email addresses and usernames. Not surprisingly, when the filters were applied, the number of items sorted decreased, as expected. However, when trying to filter certain usernames like "boosh", for instance, the item filter count actually rises after applying the filter. That makes no sense to me.

    Anyway, I'll keep playing around with the search options to see if I notice any additional weird or unexpected behavior or results.

  • Lars
    1Password Alumni

    @Boosh - sounds good :+1: -- let us know. :)

This discussion has been closed.