Automatic password changer
I received notification from Dashlane that their automatic password changer now functions on Apple Watch. I am impressed with the usefulness of this feature and wonder if we are going to be receiving an update that has an automatic password changer for the desktop as well as Apple Watch functionality.
Comments
-
Thanks for the interest here. For reasons I am sure you can understand, we don't publicly discuss future plans. :)
I'll be sure your feature request is known to the developers.
0 -
I just read about this Dashlane feature and wow...I have to say I'm jealous of it. That would save me SO MUCH TIME and also make things so much more secure...I sincerely hope Agile Bits is working on this. :-)
0 -
@jasondunn: It's something we're interested in, but only if it can be done "perfectly" (or, close enough that no one can tell the difference).
Part of the reason this isn't at the top of our priority list is that changing passwords isn't something that anyone needs to do frequently, and it certainly isn't something we should need to do often. After all, a long, strong, unique password for each site is fundamental to 1Password and results in the following:
- Your password won't be guessed.
- If your password for any given site is stolen or otherwise compromised, it won't affect your other logins.
- Your compromised login will need a new password, but changing a single one occasionally isn't a huge burden...
- ..and really if your account is compromised (let's say your Amazon login falls prey to a phishing scam), you'll really want to actually login to your account to assess the damage rather than clicking a button to only change your password.
It isn't humanly possible to support automated password changing on every site, so we'd have to pick and choose which ones we support with such a feature, and a lot of people would feel really left out. Additionally, we don't have number on this because we don't collect user data, so we'd either be guessing or simply listening only to the most vocal users (and ourselves) as far as which ones we focus on. Finally, at least until login filling is 'solved' (if such a thing is possible), it seems like that is a better use of our limited resources (at least for now), since it benefits all 1Password users perhaps dozens (hundreds?) of times a day, rather than only some who happen to need to change a password occasionally.
As an example, I probably use 1Password to change one password a month, save a new login one or more times per day, but fill — at the very least — a dozen of logins per hour, especially when I'm working, paying bills, or shopping. I can't say that this is typical, since there will certainly be a lot of variation from person to person. But the differences will be more a matter of degree rather than scale, if that makes sense.
It's certainly a cool feature that we'd love to add, all things being equal, but the reality is that they are not, and that — at least for the time being — we're focused on features and improvements that do the most good for the greatest number of people. If we have more resources in the future though, this may be something we'll pursue further. :)
0 -
Thanks for the detailed explanation - I didn't realize it was quite this complicated. But I would say that I'm probably not alone in having a lot of passwords that aren't very secure, and manually going back to hundreds (!!) of sites to change them is too painful to think of. So the automation part of this excited me... :) But I completely understand that this feature would be hard to get right with more than a few dozen of the top sites.
0 -
Thanks for understanding! Now, we'll certainly continue to consider this though. It may be that it becomes more feasible someday, both technologically and when it comes to our own resources.
You're absolutely right that this would be much more appropriate for accounts that aren't using a long, strong, unique password, since those that are already really only need to be changed in case of emergency (as I mentioned above). I'm glad you brought that up!
For now, the workflow I'd suggest is to use it as an opportunity to change to a stronger password when you add a new Login to 1Password, since you're already at the website to save the Login. That way the first time you save it can be right after you generate a random password, obviating any need to update it later. After all, while convenient, saving a weak password in 1Password eschews its security benefits, and also adds an additional step, since even if there were a more streamlined way to change the password later, you'd still have to go through that process. Of course that isn't always what's done in practice, so I hope we'll be able to find more ways to make it easier in the future. :chuffed:
0