Compromised Websites: Old Passwords

Love the new Compromised Websites functionality but why is it flagging password entries (as well as current logins)? I remember discussing this in another context where password records were supposed to be filtered out.

Comments

  • BenBen AWS Team

    Team Member

    Hi @leesweet

    I'm not sure why we would filter out password items, however, if these items are no longer relevant then it may make sense to delete them?

    Ben

  • The point was, by default, 1P saves them and flags them, as well (in the same list) the current website. What's the point of flagging the password entries? Are they the source of the 'history' in the website entry or is that separate? Seems like they shouldn't show up since you can't use them directly, correct?

  • BenBen AWS Team

    Team Member

    The point was, by default, 1P saves them and flags them, as well (in the same list) the current website. What's the point of flagging the password entries? Are they the source of the 'history' in the website entry or is that separate?

    One of their purposes is as a record for the password generator, until converted to a login. That is not their only purpose though. Also: what about cases where someone forgets or there is a glitch and the password item is never converted to a login? Wouldn't you still want to know if the site that password were for is compromised?

    Seems like they shouldn't show up since you can't use them directly, correct?

    You can. Obviously because they are lacking a username field they won't be able to fill your username, but they can fill your password. :)

    Ben

  • Yeah, I just think they aren't a 'compromised' site. So, if we don't need an old password, we can delete them from there, correct?

  • BenBen AWS Team

    Team Member

    Correct. :)

    Ben

  • Gotcha, thanks much!

  • BenBen AWS Team

    Team Member

    You're very welcome. If we can be of further assistance, please don't hesitate to contIf there is anything else we can do, please don't hesitate to contact us.

    Ben

This discussion has been closed.