Feature Request: handle the "additional security questions"

Sometimes when I log into sites, there are "additional security questions". You know the kind I mean - your mother's maiden name, what was the first concert you attended, etc.

I always use semi-made-up answers for these questions because for some sites the questions are way too simple - e.g., which city you were born in or your spouse's middle name. Someone with access to my social media could easily determine that answer.

Also, I need to save them because sometimes the question is ambiguous - e.g., one site's security question was "what is your favorite food for lunch"...I may not remember the answer I gave two years from now.

Naturally, I save these answers in 1Password...but I have to save them in the Notes field and then look them up in the 1P app and type them in manually. It'd be nice if 1Password offered a sort of "second stage" fill, or understood that sites want passwords sometimes and other answers another time.

I know it's not a trivial feature request but more and more sites are doing this and it'd be a nice add for 1Password.

Feel free, of course, to tell me I'm overlooking something :-)


1Password Version: 1Password Version 6.8.8 (688001) Mac App Store
Extension Version: Not Provided
OS Version: macOs 10.14.1
Sync Type: Dropbox

Comments

  • arturoaubry
    arturoaubry
    Community Member

    Hey, @raindog308

    I totally agree with you that this is a very convenient feature. I'm not a 1Pass team member, but I believe it's 50% available and 50% not. Let me quote matthew_ag from this thread:

    At the moment 1Password can fill many different fields across multiple web pages from a single Login as long as each field is tied to the same value. When creating a Login using Autosave or the Save new Login feature 1Password creates Login items that have each value to be filled associated with field identifiers that are hidden within the web page code itself, e.g. HTML id or HTML name attribute on the <input> element. Identifiers like this are used by 1Password to intelligently match the value to the field where it's supposed to be filled.

    So because this is based on the web page code, it really depends on how web site developers have built their websites. So what you want would work if the website developers specifically chose unique HTML identifiers for each security question and those identifiers were always the same for each unique security question. If this was the case, then 1Password could automatically identify which security question was required and fill in the right data.

    So in theory, it could be done, but it really depends on how developers build their sites... Many of whom don't really care, unfortunately, :/

    Anyway, you should wait for an official response from the 1Pass team, just in case they have other ideas :chuffed: Have a great Tuesday/Wednesday!

  • raindog308
    raindog308
    Community Member

    What I’ve seen is that they make you answer three questions at sign-up time, and then they randomly pick one when they decide you need to answer for additional security. So that puts 1P in the position of having three answers for the same question/field. I suspect there would have to be some kind of user interface chooser, where they’d have to capture more of the actual question in a given field.

    Sounds like a huge headache to me, but then, I am not a wizard like the 1Password developers :-)

  • AGAlumB
    AGAlumB
    1Password Alumni

    @raindog308: Yeah, three potential answers for the same thing is a bag of hurt. :lol:

    Login forms have set standards that web developers can follow, and when they do it gives 1Password a lot to work with as far as understanding the page and being able to fill... But as I'm sure you're aware, 1Password can't always fill even login credentials correctly, because many sites do not follow web standards. I think you know where I'm going with this: there are no standards for "security questions"-type things at all, so there's not really going to be anything we can even use as a starting point. What the user sees on the page and how its coded underneath vary wildly between sites. And given that login filling is not a solved problem and that's the overwhelming majority use case for 1Password, that's where we need to put our time and energy, as that does the most good for the greatest number of people by far. I don't see that changing in the near term, but it's possible that things will improve in this area to the point where it might be feasible to do something like you're suggesting.

    For now, I'd recommend saving "security questions" and their answers in custom fields in your Login item. If you name them exactly as they are on the page, it is possible* that they can be filled. But, if nothing else, that gives you a nice organized way to easily copy their contents with a click to paste them as needed.

    *Though unlikely: websites will often designate the "answer" field as "password"...and 1Password will then try to fill your actual password there as a result, which of course is not helpful.

    Anyway, I'm sorry to crush your dreams here, but hopefully this helps you get a better sense of the situation. Maybe someday. :)

  • raindog308
    raindog308
    Community Member

    Appreciate the response, brenty.

    To be honest, if you told me that I'd never complete visiting all 50 states or that the Detroit Lions would never win a Superbowl in my lifetime, that would be crushing my dreams. This is a minor desire in an otherwise excellent product. No need to take my shoelaces away...I will somehow stagger by :-)

    Thanks!

  • AGAlumB
    AGAlumB
    1Password Alumni

    Fair enough. :lol: I can't help with the Lions (though, if the Red Sox can break their curse, there may be hope!) or the rest of your buckets list...but we'll keep working at 1Password, and maybe come up with something in the future that will help with this. Cheers! :)

This discussion has been closed.