Feature Request: Automate password changes [under consideration]
Comments
-
I do not want that feature. Why is that so hard for you to understand?
automatic |ˌôtəˈmatik|
adjective
1 (of a device or process) working by itself with little or no direct human control: an automatic kettle that switches itself off when it boils | calibration is fully automatic.0 -
Be nice. Let's all have a tall, cool one together.
0 -
Don't most sites need you to confirm by email to make the change?
0 -
My experience says that's rare.
0 -
@prime I would say that if I've experienced that ever, it has certainly been the exception and not the rule... At least in the last 5 years. It used to be, with many uninformed web developers, that if you changed your password on a site they would email you the new password. The fact that they were even able to do that indicated terrible security practices. But I digress.
The more common thing now, if anything, is to simply email you informing you that there has been a change and to contact support if you did not cause it.
0 -
LastPass has incorporated Auto-Password Change to its app, has 1Password
plans to add this too?0 -
Hi @Stinky,
Thanks for writing in. Unfortunately, we have a policy of avoiding talking about specific plans, so we can't say whether or not that feature's in the works.
Rick
0 -
+1
0 -
Again, automatic password change is a "feature" as much as acne is a feature for teenagers. If such a function were implemented, I would immediately stop using 1P and would instead search out a competitive password manager more attuned to my needs.
0 -
Hey all.
There's nothing I can add to what Rick already said in post #39 but thank you for adding your thoughts.
Some observations.
- Anybody using any password manager is already reasonably savvy in my opinion.
- Saying that there are many that are loyal 1Password users because of the localised and hands-off nature of our approach.
- I know for a fact that our devs like to take a hands-off approach to your vault. It's your vault and we should't be mucking about with it.
As just a user of 1Password and not somebody that is part of the team, lets say 1Password did gain such a feature.
- I would be very surprised, shocked even if it wasn't off by default. Users like Plato shouldn't need to use it at all if they don't want to.
- The point of the feature is it's meant to be a timesaver, so that would suggest either automated or simple to use - maybe something like the App Store updates page. Each site could have an Update button and there is an Update All at the top.
- Like others, I would expect such a feature to reside solely on my machine. Yes we'd need to download schema but the actions would be performed by 1Password from my machine and only between my machine and the single site in question.
As MrC has stated though with his insightful posts, this kind of feature doesn't scale well at all. Each site would have to be tested on a routine basis to ensure our schema for the site worked. By schema I simply mean the steps required to change a password. Everything would have to work flawlessly and it would have to be able to recover from an error and realise when a password change hasn't gone through.
Just to reiterate AgileBits position though.
Thanks for writing in. Unfortunately, we have a policy of avoiding talking about specific plans, so we can't say whether or not that feature's in the works.
0 -
@Plato Okay... consider to be duly noted your opposition to "automatic" password changing (according to your definition of it, which seems to be the concept of 1Password, by itself, without any user intervention, initiating password changes on websites... according to some schedule, I suppose). Just keep in mind that, when the rest of us are discussing "automatic" password changing, we're talking about 1Password giving us the ability to, say, right-click on one of our Login items and click on a menu item like "Automatically change password", whereupon 1Password would, invisibly, use our current password to negotiate a new password with the website and update our login with the new password. Note that this process would have to be initiated by the user. That's what the rest of us are discussing. So, if it begins to look like that feature is in danger of actually being implemented, I think you can continue to sleep soundly at night.
0 -
... which is why I didn't try to get you to change your definition of the word. I'm only hoping that you'll accept that the rest of us mean something different when we use it in this thread. If this is a problem for you, then I think we can probably accommodate your sensitivity to the word by switching to another term... perhaps "user-initiated-but-otherwise-not-requiring-any-other-user-involvement password changing", with the understanding that, if it gets implemented in 1Password, it probably won't be called that, as it would make the context menus unnecessarily wide.
0 -
I'd like to step in here to say (with a great deal of confidence) that if we were to ever add a feature to 1Password that changed your login password on a website for you, you would need to take an action to tell 1Password to do that. It would not just randomly decide to start changing your passwords on websites - I don't think anyone in this discussion is asking for that, or would want that.
The point of a feature like that would be to make it easier to change your login passwords. But as always, you would be in control of whether or not you changed your login passwords. Your 1Password vault contains your data, and you're in control of it. 1Password doesn't do something with that data unless you tell it to.
Let's take login form-filling as an example here: Web browsers usually have an "auto-fill" feature that (if enabled) can save your login information and fill it for you on a website as soon as you open that site. But 1Password doesn't actually have an auto-fill feature - in other words, it will only fill your data when you explicitly tell it to do so by double-clicking a Login item in the main 1Password app, or by selecting the Login item from the 1Password extension in your web browser (or using the ⌘\ keyboard shortcut). Because sensitive data is involved, we never assume the user just wants us to fill the login form without their consent, so we leave the control in the user's hands (auto-submit settings are also under user control).
The same is true with other 1Password features as well. If you log into a website and don't already have an existing Login item for that site, 1Password will ask if you want to save a new Login item. If you change a login password on a website, 1Password will ask if you want to update your Login item with the new password. If you save a Login from a secure site (i.e. https) and later try to have that login info filled on a non-secure version of that site (i.e. http), 1Password will give you a warning, and ask if you still want to do that. If you use the Watchtower feature, 1Password will warn you about your Login websites that may have been compromised, and will suggest that you change your password on those sites.
In each of those examples, 1Password does some things automatically, like automatically detecting that you logged into a new site, or automatically detecting that you've change a password on a site. But it does not automatically change or use your data without you explicitly giving it permission or taking an action to have it do so.
So I hope this helps to make it clear that, if 1Password had the ability to change your login password on a website for you, you would first need to tell it you wanted it to change your login password on a website for you. Then, 1Password would of course need to perform some automated functions to complete your request - but the point is that you would need to request it.
Again, we don't currently have a feature like that in 1Password, and I don't know if we will. But if we ever do, please know that we want you to be in control of your data. If you've had any concerns about that, I hope this helps to put you at ease. Thanks for reading! :)
0 -
Hi, I'd like to request an update on this feature request.
I am a long-time, loyal user of 1Password but am about to jump ship to one of your competitors unless someone can tell me that auto password changing is being planned. I have logins for so many hundreds of sites, and these days receive so many emails from sites recommending password changes following data breach etc., that I feel this is now indispensable.
I think the security concerns expressed earlier in this thread are misplaced: automated password changes shouldn't require any compromise at all on the localised/private nature of the 1Password vault - it can all be done using a background browser login from the user's own Mac.
:-)
0 -
Hi @secretwings,
Thanks for letting us know you're also interested in this feature!
As you may have already seen in some of our previous replies to this thread, "we have a policy of avoiding talking about specific plans, so we can't say whether or not that feature's in the works." That doesn't mean we'll never add that feature, but it doesn't mean we will, either. I know that's not what you want to hear though, and I'm sorry I don't have a better answer for you.
We definitely appreciate that you're passionate about having that feature! Keep in mind that a feature like that cannot work with all websites. Web forms to change passwords work differently on just about every site - they're even less consistent than login, address, and credit card forms. We would need to create custom code for nearly every website, and although I'm sure some of the more popular sites would be supported first, you would likely still need to manually change your password on many (if not most) of the sites where you have logins. But don't get me wrong - it's still a great idea for a feature, and could certainly be helpful!
As far as security concerns, we certainly wouldn't add a feature like that if we felt it would compromise the security of your data.
Again, I'm sorry I don't have more concrete information for you, but I'll definitely add your feedback to our internal tracker. We're here for you if you need anything else! :)
ref: OPX-313
0 -
I can't imagine that this hasn't been already posted, and I can't imagine the engineering to do this but... It would be great if there where a 1-click way to change a password through 1p. Other products like lastpass already have this, but I don't want to switch. Right now it takes hours to go through old and vulnerable passwords and change each one on their website.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided0 -
Hi @shalperin,
I've merged your request with an open discussion on the matter. You're certainly not the first one to suggest this, and this is something that we've been considering for a while now. Drew has a pretty great comment above that talks about some of the challenges when implementing a feature like this. That being said, I'm happy to add a vote for you to the issue in our internal tracker.
Thanks for your interest, and please let us know if you have any further questions about 1Password! :)
0
