Exclude Bank Account PINs from Security Audit

tfabian
tfabian
Community Member

Bank account PINs should be excluded from the Security Audit, since all bank account PINs are limited to only four numbers, which 1Password would obviously deem as a weak password.

Comments

  • sjk
    sjk
    1Password Alumni
    edited November 2013

    Hi, @tfabian.

    What you mention is a known issue:

    • In Security Audits' Weak Passwords section, it only monitors for the first password field in each item and it can also include the password fields that deals with PIN like in the Bank items.

    When something's mentioned on that page it often implies our intention is to eventually resolve it. :)

  • KevinSayHi
    KevinSayHi
    Community Member

    Security audit is a good feature, I admit, but maybe it could be a little bit smarter. For instance:

    1. When a Google "login" has the same user name as a Gmail "email account", it is natural that the passwords coincide (this might also apply to Yahoo, etc. though I don't use those). I have several Gmail accounts so my "duplicate passwords" section are filled by those stuff.

    2. A bank account PIN most often has four digits, so no need to show bank account PINs under "terrible" in "weak passwords."

    I do believe that when it comes to security audit, false positives are better than false negatives (just like in static code analysis). And I know I can hide the security audit section so false positives don't really bother me. Nevertheless, making some reasonably smart exceptions might be a good way to enhance user experiences?

  • Stephen_C
    Stephen_C
    Community Member

    The bank account PIN point is mentioned in known issues so will no doubt be resolved in a future update.

    Stephen

  • sjk
    sjk
    1Password Alumni

    Hi, @KevinSayHi. I merged your original topic with this one about the PIN issue too hastily, overlooking your first issue. My bad, sorry!

    Do you have any specific suggestions for keeping unwanted "false positive" items from appearing in Duplicate Passwords? If you'd prefer to start a new topic specifically about this I promise not to mess it up this time. :)

This discussion has been closed.