Default ID/Password? [Identity Fill can fill in your preferred username/email address]
OK, this may be a really dumb suggestion, but I thought I'd toss it out to see what you think.
I have 83 logins stored in 1Password, using long, complex, virtually uncrackable passwords generated by 1Password. These are the Web sites that would cause me worry if there was a security breach, usually because there are personal privacy or financial concerns or both.
Then I have another 137 Web logins (I counted!) where I really don't worry much about someone hacking my password. Think forum logins (like this one!) or the local tennis club booking site. I would prefer to use the same password for all 137 sites to keep life simple.
Could I train 1Password about the 137 sites and generate 137 unique passwords? Yup. Am I likely to? Nope. But it sure would be convenient to have autofill offer offer a "default id/password" that (if you guys could figure out the form fields dynamically) I could use. Heck, if there was a default then I could make the default password longer and more secure (and less typeable) which would actually be an improvement.
I know this suggestion runs counter to best practice, but I wonder if after evaluating the scenario if it might have some merit.
Thoughts?
Dave Ings
Comments
-
I don't understand why using 1Password to generate a unique password for each site is such a chore. Could you explain?
The other issue with what you're suggesting is that if you had to change one site's password, after a breach for example, then you'd need to update all 137 sites! That sounds like a lot of work to me.
0 -
It isn't a chore if you have a reasonable number of sites to handle. But as someone who's been on the Web for over 20 years, I have a lot of legacy to deal with!
Let's assume it takes 3 minutes per site to change passwords (not at all unreasonable, and probably on the low side given every site is different and not all are 1Password friendly, plus I need to verify the change was successful) we're talking 137*3 equals roughly 7 hours of work, for very little gain, since I don't really care about most of these sites i.e. they present low risk.
Dave Ings
0 -
Hi @ings,
I would prefer to use the same password for all 137 sites to keep life simple.
Are you 100% sure that none of your private information is stored on any of these sites? Keep in mind that identity theft is made easier when someone has enough information on you. If you answer any of the security questions honestly on these sites, these can be used against you (you should generate a random phrase with 1Password to answer the questions). They can just reset the password on some of your vital sites based on these questions/answers and then gain access to your vital account without knowing your password for it.
But it sure would be convenient to have autofill offer offer a "default id/password" that (if you guys could figure out the form fields dynamically) I could use. Heck, if there was a default then I could make the default password longer and more secure (and less typeable) which would actually be an improvement.
If you're using Chrome, Firefox, and/or Opera (not Internet Explorer), you can do this with the Identity fill. When you select an Identity, 1Password will try to fill in the default username you've chosen and if it is an email field, it'll insert your email address. It can also fill in other fields if it has something for it, like when you are registering for a new account.
At the moment, we don't have the ability to generate a new password automatically when you fill with your Identity, we used to do this but it was problematic, so we had to pull it. We plan to restore this in a future update but I don't have a timeframe on this.
0 -
Let's assume it takes 3 minutes per site to change passwords (not at all unreasonable, and probably on the low side given every site is different and not all are 1Password friendly, plus I need to verify the change was successful) we're talking 137*3 equals roughly 7 hours of work, for very little gain, since I don't really care about most of these sites i.e. they present low risk.
If you don't care about these low risk logins then why are going to change all of their passwords?
0 -
I think it might take at least that long just to find the 'password change' form on many sites, more with load times. Definitely daunting, but I'd rather be safe than sorry myself. Cheers! :)
0 -
@MikeT You make a good point about shared security questions - something that had not occurred to me. And thanks for the tip on ID fill.
@brenty You are right that it isn't always straightforward to find the "password change" form, so 3 minutes per site is probably too low an estimate.
@RichardPayne I was hoping to be able to use 1Password autofill for my "low risk logins" and the incrementally improve them over time to improve a less than optimal situation.
Thanks for the discussion and ideas - the 1Password team is the best! I think what I'll probably do is just get into the habit of upgrading a few of the low risk logins per day, and poof! in a couple of months the problem will have gone away.
Dave Ings
0 -
Hi @ings,
I think what I'll probably do is just get into the habit of upgrading a few of the low risk logins per day, and poof! in a couple of months the problem will have gone away.
That actually worked really well for many of our users that started using 1Password as their first-ever password manager. They just go through the web as they would without 1Password and 1Password would naturally just auto-save as the users log in. In a period of a few weeks, 90% or more of their account information would be saved into 1Password without any effort. In your case, you have to change the password, so you do have to spend a few minutes per site but if you just do it naturally rather than forcing, you might be able to finish it sooner than you'd think.
On behalf of the guys here, you're welcome.
0
