audit of passwords - in response to gawker hack

Lifehacker put out an article for a password keeper to help audit your passwords.
http://jalopnik.com/5712958/use-lastpass-to-audit-and-update-your-passwords

1) "If you give LastPass permission to run through your passwords, the app can run a "security challenge" and show you which passwords are decent, which are pretty much asking to be hacked, and provide direct links to where you can fix them."
2) "LastPass will now scan all your saved passwords in a few seconds. When it's complete, you'll see a report detailing all your analyzed sites, sorted by duplicate passwords."

Do these features exist in 1password? If so can you point me to some documentation on them? Of course I searched for terms like audit but came up empty.

Thanks!

Comments

  • It does help thanks, that is a passable solution for the time being.

    I know you guys have been focusing on adding support for more platforms, browsers and such. However it seems like some strong competition is coming up in the market with some strong feature sets around proactive security measures. If you reswizzled this search feature you could all the sudden market it as a proactive security measure. Maybe something for reactive security like, 'select the account you know was compromised and we'll identify any other accounts we think are at risk', maybe by similar passwords or similar usernames.
  • MartySMartyS AgileBits Customer Care (retired)
    Thanks for your additional ideas! Using the technique that Stu outlined, you can search for any items with a password containing the search string. That way if you had a compromise of your "xyzzy" password, but might have also used "xyzzy2" on another site just enter "xyzzy" (without the quotes) and have 1Password search your passwords — it will list them all. You can do the same thing for Usernames. 1Password does it now! B)

    Oh, and welcome to the forums too!
  • stu wrote:

    At the moment, 1Password doesn't feature an 'Audit' option to scan your passwords, however you can use the search option within 1Password to search for any items that use the same password. Just enter the password in question and make sure that you've selected 'Password' from the right-hand set of options.

    We have had a few requests for a better way to do a password security scan within 1Password, and this is certainly something we're looking into for the future.

    Hope that helps,



    I don't see a "right-hand set of options" when I use the search box. Is there a different search function I've missed? {also new to the forum, so -sorry if this is elsewhere.}
    JGB
  • MartySMartyS AgileBits Customer Care (retired)
    JGBrown wrote:

    I don't see a "right-hand set of options" when I use the search box. Is there a different search function I've missed? {also new to the forum, so -sorry if this is elsewhere.}
    JGB


    Welcome to the forums, JG!

    I'm sorry for any confusion. The "right-hand side" is of the main 1Password application window, and just below the Search field. Please take a look at this screenshot, where I have chosen to search for a string of "testing" in all the nooks and crannies that 1Password has to offer.

    1Password-20101214-215855.jpg


    Just type in the password, username, domain name or whatever to search for. Whatever you type will be found anywhere in the fields, not just at the beginning and not just exact matches. So if you used passwords like XYZZY1, XYZZY2, 1XYZZY, 2XYZZY, etc. you can type "xyzzy" (without the quotes) and they will be found where you tell 1Password to search.

    You'd never choose passwords like that, so that's just an example. :)
  • Thanks for the info -- I came to the forum to find out how to search for my weak password leaked by gawker.
  • MartyS wrote:

    Welcome to the forums, JG!

    I'm sorry for any confusion. The "right-hand side" is of the main 1Password application window, and just below the Search field. Please take a look at this screenshot, where I have chosen to search for a string of "testing" in all the nooks and crannies that 1Password has to offer.

    1Password-20101214-215855.jpg


    Just type in the password, username, domain name or whatever to search for. Whatever you type will be found anywhere in the fields, not just at the beginning and not just exact matches. So if you used passwords like XYZZY1, XYZZY2, 1XYZZY, 2XYZZY, etc. you can type "xyzzy" (without the quotes) and they will be found where you tell 1Password to search.

    You'd never choose passwords like that, so that's just an example. :)



    Found it! Thanks very much, Marty. Now to swap them out with new pwords. [way to many, I'm embarrassed to say.]

    JGB
  • MikeTMikeT Agile Samurai

    Team Member
    edited December 2010
    JGBrown wrote:

    Found it! Thanks very much, Marty. Now to swap them out with new pwords. [way to many, I'm embarrassed to say.]

    JGB
    Hi JGB,

    At least with 1Password, you won't have to remember all the new passwords. It's easier to change the passwords to extra strong passwords for dozens of sites than it is to actually have to remember every single new password. I can't barely remember my cell phone number and yet, it would be a hellish for me if I have to remember even more complicated strings of characters for just ONE site.

    I envy the people with perfect memory, even though it may also be a curse for them since they can't easily forget.
  • Thanks for the suggestion. But let me add my vote that 1Password add auditing features. To reiterate what others have said above:
    - Displays all duplicate passwords.
    - Sort by password strength.
    - Sort by password age.

    MartyS wrote:

    Thanks for your additional ideas! Using the technique that Stu outlined, you can search for any items with a password containing the search string. That way if you had a compromise of your "xyzzy" password, but might have also used "xyzzy2" on another site just enter "xyzzy" (without the quotes) and have 1Password search your passwords — it will list them all. You can do the same thing for Usernames. 1Password does it now! B)

    Oh, and welcome to the forums too!
  • roustemroustem AgileBits Founder

    Team Member

    Thanks for the suggestion. But let me add my vote that 1Password add auditing features. To reiterate what others have said above:
    - Displays all duplicate passwords.
    - Sort by password strength.
    - Sort by password age.


    I like your suggestion a lot. We'll try get something done in this area.
This discussion has been closed.