Feature Request: help us identify the highest priority accounts
1Password has made our lives so much better! Thank you all for the wonderful work you do!
I was sorting through my login passwords recently, trying to strengthen some of the weaker ones. I realized that in the back of my mind I was weighing out the security risks associated with each online account and trying to put more of my time into securing accounts that have bank account or credit card numbers. Other accounts, such as with libraries or forums, have very little inherent security risk because there may be no sensitive information stored. I eventually realized that I have no idea which accounts have asked for my financial details, SSN, security questions, phone numbers, addresses, etc. How can I determine how much of a security risk each account is without those details available.
In a sense, for many of the online accounts, I didn't know exactly what I was protecting with a password.
1Password could provide intentional fields (not custom fields) to indicate when an account has the following information:
- bank account numbers
- credit card numbers
- social security number
- email addresses
- physical addresses
- phone numbers
- driver's license or passport numbers
- any other sensitive or identifying info
They could either be binary fields, or data fields so that you can see, for example, which credit card number an account has on file.
You could take it a step further... When I get a new credit card in the mail and update 1Password with the new expiration and security digits, 1Password could tell me which online account needs to be updated with the new information.
When new logins are detected by 1Password, the save dialog could have a "details" drop down section that allows you to set these details. Or perhaps, when you enter any of that sensitive info into a website, 1Password could offer to add those details to the saved login for that site.
Finally, when viewing the account logins in 1Password in "top" view mode, there could be columns indicating which accounts have financial details, or phone numbers, addresses, etc. That way we can keep track of our most important accounts. Apparently the jury is still out on whether or not we should be changing our passwords often, but if I'm going to be refreshing the passwords of my online accounts, I'm not going to be able to do it for the hundreds of logins I have in my vault. Help us see which are the highest priority. :)
Thanks for considering,
Zeb
1Password Version: 5.4.1
Extension Version: 4.4.4
OS Version: 10.11.1
Sync Type: Dropbox
Comments
-
Hi @zebellis,
Thanks so much for taking the time to write out your suggestions & ideas about all this! We're always listening to what our customers would like and looking into ways to improve the 1Password experience. I don't know how feasible some of those features would be, but then again I'm not a developer, so I'll let them decide. ;)
One thing I wanted to mention is that 1Password doesn't really have a way of knowing which of your website accounts have that sort of information. If you want to save that info in a Login item, you would need to enter it yourself in the notes field, or by adding custom fields. The main purpose of Login items is to fill your login credentials in login forms on a website. So when you save a new Login item using the 1Password extension/1Password mini, it saves info about that specific web form (including username, password, URL, and details about the fields of that form). If data like your email address, credit card number, phone number, etc, happens to be part of the info you enter in the login form when you save a new Login item, that information will be saved. Login forms often include your email address, but not usually the other types of info you mentioned.
...perhaps, when you enter any of that sensitive info into a website, 1Password could offer to add those details to the saved login for that site.
That would be very difficult, because 1Password wouldn't know which information you consider to be sensitive. 1Password will only prompt you to save or update a Login item if there's a password field on the page (and you've entered something in that field). Other fields are typically text fields, and 1Password doesn't prompt you about those - if it did, it would do so every time you ever filled in any form on any website, which would probably become very annoying very quickly. ;)
However, I do have a suggestion that might be helpful for you, which is to use Tags to help keep track of which Login items are for website accounts that have other sensitive information. For example, if certain websites have your phone number, you could add a "Phone Number" tag to your Login items for those sites. You could also add tags for "Credit Card", "Bank Account Number", and so on. When you select a Tag in the sidebar of the 1Password app (or in 1Password mini), it would show all the items with that tag. You can even add a Tag to a Login item when saving it from a web browser.
Hopefully this helps, but if you need anything else or have more suggestions, please let us know! :)
0 -
Hi @Drew_AG,
I agree that login forms aren't where you find the sensitive data. That's why I suggested that information be added to that saved login after the fact (the bit you quoted). I could have been a little clearer about that. :) As you pointed out, the saved "login items" are meant as a record of web form details that can be used to log a user in automatically. That seems to be the model 1Password is built upon. In essence, I'm proposing that these "login items" evolve into more of a rich object that has both the login details and the attributes of each online account. This would make 1Password capable of helping us better manage our sensitive and secure information, not just the passwords.
That would be very difficult, because 1Password wouldn't know which information you consider to be sensitive.
I suspect that it wouldn't be that difficult at all for 1Password to identify the sensitive information. The whole foundation of 1Password is built on the fact that the software can identify a secret password (sensitive data) on a page and save it for you. There are at least seven other types of information commonly regarded as sensitive (the ones I listed); there may be some more, but probably not an unmanageable amount. 1Password already has the ability to identify and interact with that type of information on a web form: autofilling credit card and identity data. As a programmer myself, I don't see any reason 1Password would have trouble identifying this type of data on a web form. And if there are cases where it does have trouble, then it can be manually added by the user later. Once in 1Password, then it's simply about how the GUI allows you to view, sort, and interact with that data.
However, I do have a suggestion that might be helpful for you, which is to use Tags to help keep track of which Login items are for website accounts that have other sensitive information.
I had considered using Tags and Custom Fields as a way to get the raw data into 1Password, but that wouldn't provide nearly the level of rich interactivity or data visualization I'm suggesting. 1Password has the potential to improve on the way we understand our online presence, and therefore can help us better protect it. Take for instance the current ability to sort "login items" by password strength. This lets us see the accounts that need better passwords as well as accounts that are already well protected. If 1Password could also sort the list of accounts by how many "pieces" of sensitive data they have, then we could see the relationship between the data and the passwords that protect them. This in turn could compel us to be more proactive in protecting our personal and financial data. These two simple sorting methods (password strength and sensitive data) would go hand-in-hand. 1Password could even make recommendations to improve passwords for sites with more sensitive data. This feels like a very natural direction for 1Password to go.
Again, thanks for considering. 1Password is excellent software that makes my life so much easier and, obviously, more secure ;)
Zeb
0
