Feature idea: Automatic password rotation
This would probably be no small feat, but I think it would be awesome if 1Password could interface with websites to regularly rotate passwords. For sites that support the service, the desktop app could occasionally contact the website and negotiate the creation of a new random password. Maybe there could be a setting to turn it off for certain sites.
I'm thinking it would require a standard for how the API should work with 1Password. Maybe create some sample libraries, etc.
Maybe it's too aspirational? I think more sites should have two-factor and that might mitigate the need for something like this.
Comments
-
It is a cool idea, for sure, @moose. The problem right now is that there is no standard. That would put is in the not so awesome position of having to develop a standard, and push for its adoption. Then there is nothing stopping our competitors from developing and pushing a competing incompatible standard.
The alternative is that we only support the feature for pages where we know how their change password process works and can reliably reproduce it. But that also isn't ideal as when sites change their layout etc there is the potential to break our workflow requiring an update from us. And of course you'd be limited to, say, the top 500 websites (which probably does not include a lot of the financial institutions folks use for example).
So it does present a challenging problem, but is definitely something we'd like to see a solution to.
Thanks for taking the time to share your thoughts.
0 -
Take the third way!
Who says that you and your competitors have to adopt competing standard. You could get together as a group agree on a standard.0 -
Hi @RichardPayne,
That is a great idea. You might remember that when we introduced the 1Password app extension (for iOS) we opted for an open format that could be used by any password manager instead of being brand-specific. It would be great to have more cooperation in this field - improving people's security is the important thing here. :)
0 -
If that format was the agilekeychain then having your company have in the format probably did not endear it to your competitors. What ever standard is developed would need to be vendor neutral.
0 -
Hi @RichardPayne,
Megs was not talking about the data format that 1Password uses, she was talking about the iOS app extension that integrates 1Password support into the third party apps. Whoever decides to integrate 1Password app extension in their apps, also benefits from the fact that our integration is vendor neutral. So, if a user switches to a different password manager who also uses our app extension scheme, using the extension in the third party apps would open up their password manager instead of 1Password.
So as apps continues to adopt support for 1Password in their app, they also support others who is willing to support the same API we offer.
You can find out more here: https://blog.agilebits.com/2014/08/04/filling-with-your-approval-on-1passwords-app-extension-and-ios-8-security/
0 -
How about having 1password send a notification alert to change password?
0 -
How about having 1password send a notification alert to change password?
Could you please elaborate for me what you envision this doing for you that the Reminders app cannot already do?
0
