Exclude Bank Account PINs from Security Audit
Comments
-
Hi, @tfabian.
What you mention is a known issue:
- In Security Audit's Weak Passwords section, it only monitors the first password field in each item, and it can also include password fields that hold a PIN, as in Bank items.
When something's mentioned on that page it often implies our intention is to eventually resolve it. :)
0 -
Security audit is a good feature, I admit, but maybe it could be a little bit smarter. For instance:
When a Google "login" has the same user name as a Gmail "email account", it is natural that the passwords coincide (this might also apply to Yahoo, etc., though I don't use those). I have several Gmail accounts, so my "duplicate passwords" section is filled with those.
A bank account PIN most often has four digits, so no need to show bank account PINs under "terrible" in "weak passwords."
I do believe that when it comes to a security audit, false positives are better than false negatives (just like in static code analysis). And I know I can hide the security audit section, so false positives don't really bother me. Nevertheless, making some reasonably smart exceptions might be a good way to enhance the user experience?
0 -
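The two exceptions proposed in the post above (treat PIN fields with a PIN rule instead of the password strength rule, and don't count a Google login and its Gmail item as a "duplicate") can be sketched as audit logic. The following is an added example written for this thread; it is not 1Password's code, and the field kinds, the `ALIAS_GROUPS` table, the strength thresholds and the sample vault are all assumptions constructed for illustration. It also checks every password field in an item rather than only the first, which the known-issues note says the real audit does not yet do.

```python
# Hypothetical password-audit logic (added example, not 1Password's implementation).
# Assumptions: each field carries a kind ("password" or "pin"); ALIAS_GROUPS lists
# domains that sign in to the same underlying account; the vault below is constructed.
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Item:
    title: str
    username: str
    domain: str
    fields: dict  # field name -> (kind, secret)


# Domains that back one account, so a shared password between them is not reuse.
ALIAS_GROUPS = [{"google.com", "gmail.com", "youtube.com"}]


def canonical_domain(domain):
    """Map every domain in an alias group to one representative."""
    for group in ALIAS_GROUPS:
        if domain in group:
            return min(group)
    return domain


def password_strength(secret):
    """Crude strength bucket for password fields: length plus character classes."""
    classes = sum([
        any(c.islower() for c in secret),
        any(c.isupper() for c in secret),
        any(c.isdigit() for c in secret),
        any(not c.isalnum() for c in secret),
    ])
    if len(secret) < 8 or classes < 2:
        return "terrible"
    if len(secret) < 12 or classes < 3:
        return "weak"
    return "ok"


def pin_check(secret):
    """PIN rule: 4-6 digits, not all the same digit and not a straight run (1234, 9876)."""
    if not secret.isdigit() or not 4 <= len(secret) <= 6:
        return "unusual"
    if len(set(secret)) == 1:
        return "trivial"
    steps = {int(b) - int(a) for a, b in zip(secret, secret[1:])}
    if steps in ({1}, {-1}):
        return "trivial"
    return "ok"


def audit_weak(items):
    """Check every secret field; PIN fields get pin_check instead of the password rule."""
    findings = []
    for item in items:
        for name, (kind, secret) in item.fields.items():
            verdict = pin_check(secret) if kind == "pin" else password_strength(secret)
            if verdict != "ok":
                findings.append((item.title, name, verdict))
    return findings


def audit_duplicates(items):
    """Group password fields by secret, but first collapse items that are the same
    account (same username, domains in one alias group) into a single owner."""
    owners = defaultdict(set)
    for item in items:
        for kind, secret in item.fields.values():
            if kind != "password":
                continue  # PINs are short by design; they are audited by audit_weak only
            owners[secret].add((item.username.lower(), canonical_domain(item.domain)))
    return {secret: sorted(o) for secret, o in owners.items() if len(o) > 1}


# Constructed sample vault: Google + Gmail share one account and one password (not reuse),
# the forum reuses that password (real reuse), and one old card has a trivial PIN.
SAMPLE_VAULT = [
    Item("Google", "alice@gmail.com", "google.com", {"password": ("password", "Tr0ub4dor&3xyz")}),
    Item("Gmail", "alice@gmail.com", "gmail.com", {"password": ("password", "Tr0ub4dor&3xyz")}),
    Item("Forum", "alice", "example.org", {"password": ("password", "Tr0ub4dor&3xyz")}),
    Item("Bank", "alice", "bank.example",
         {"password": ("password", "correct-horse-9Battery"), "PIN": ("pin", "4729")}),
    Item("Old card", "alice", "bank.example", {"PIN": ("pin", "1234")}),
]

if __name__ == "__main__":
    print("weak:", audit_weak(SAMPLE_VAULT))
    print("duplicates:", audit_duplicates(SAMPLE_VAULT))
```

On the sample vault the weak-password report contains only the old card's 1234 PIN, the bank's 4729 PIN passes the PIN rule rather than being labelled "terrible" for being four characters, and the shared Google/Gmail password is reported as a duplicate only because the forum item also uses it. The alias table is the part that needs care: it should be explicit and small, since silently merging unrelated domains would hide genuine reuse, which is the false negative the poster rightly wants to avoid.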
The bank account PIN point is mentioned in known issues so will no doubt be resolved in a future update.
Stephen
0 -
Hi, @KevinSayHi. I merged your original topic with this one about the PIN issue too hastily, overlooking your first issue. My bad, sorry!
Do you have any specific suggestions for keeping unwanted "false positive" items from appearing in Duplicate Passwords? If you'd prefer to start a new topic specifically about this I promise not to mess it up this time. :)
0