Prioritization by Level of Required Security
I treat my many login passwords differently depending on the level of security needed. For example, for all email accounts and financial accounts I use the highest level of security -- long passwords, no words, multiple types of characters, change every six months. For an e-commerce account where my password is on file -- a little lower, not worried about changing frequently. Down to the lowest level of security for bulletin boards, newspaper logins, etc -- if someone broke in I would be minorly inconvenienced but would not lose anything -- so why not have an easy password I can (mostly) remember. In fact for these lowest level accounts I often use the same password.
What I would like in 1Password is a way of categorizing accounts by level of required security and then to be able to get a report of all high level accounts which have passwords older than 6 months. The 1Password security audit function gives me all accounts with passwords older than 6 months -- but I don't really care if lower level accounts have old passwords. The number of accounts I have which require the highest level of security is a small fraction of the total number of accounts I keep passwords for so the security audit function is not helpful to me unless I can filter out the lower level accounts.
Does anyone know if there is a way to do this? If not, how do I make a new feature request?
1Password Version: 5.3.2
Extension Version: Not Provided
OS Version: MacOS 10.12.1
Sync Type: Not Provided
Comments
-
@LarryP: This isn't possible — at least not in any meaningful way. It's certainly something we can consider, but 1Password's security is based on math — encryption — and not permissions or something similarly superficial (i.e. non-cryptographical). So your data can only be decrypted using the Master Password, by you...or someone else who got it from you.
Obviously we could have a setting to require the Master Password again for certain items, but that just means a minor inconvenience for you or the attacker, with no real security benefit. Now, we can get more security for specific items by encrypting them using a different Master Password...but this is 1Password, for crying out loud! We're using it in the first place because we already have too much to remember, but we want to keep our data secure, right? And even ignoring these issues, that means putting an extra burden on the user to manage which items require which "security level". What if I save a new credit card but forget to set that appropriately? Or maybe the default is the highest level for everything...and then we have to go through and lower it for certain items... :angry:
So the solution is to simply afford everything the highest level of security: a long, strong, unique Master Password. And then we can tweak our security preferences to fit our needs. For example, I have a relatively long lock timer on my laptop because I have it set to lock whenever it sleeps — which is any time the lid is closed.
I hope this helps. Be sure to let me know if you have any other questions! :)
0 -
Brenty -- thanks for your comments. But I think you may have misunderstood, or "over-engineered", my request. My goal is to change my "high level" passwords on a regular basis -- email accounts, banks, credit cards. With over 200 accounts in 1Password I have no desire to do the same for all my accounts. All I really want is a way to categorize my accounts and then have the category as a filter on the security audit. In other words, "show me all my email, bank and credit card accounts with passwords older than n months."
--Larry
0 -
Hi @LarryP
Thank you for giving us some more details about what you're thinking. If what you want is to be able to organize your data we do have a couple of ways for you to do so (not via the security audit though). Depending on whether you are using local vaults or an account you can set your items on folders or set tags for them respectively. Either way, you'd be able to click on the folder or tag and see all the items you have marked. I think that what you're looking for could be achieved even better by having multiple vaults. You can create 2 different vaults and keep the "All vaults" view. When you need to, you can run a security audit of only the important vault by switching to that one on the top left corner. I just want to mention that this approach might need a bit of extra work with setting up syncing depending on what you are currently doing, but we'd be happy to help you with that if you want to try it!
Please let us know what you think about this, if you have any questions and if you give this idea a shot :chuffed:
0 -
Two vaults would give me what I want to do. I will try that and let you know if I have any difficulty.
That said, I think it would be simpler to have a way of filtering by tag when running the audit function -- if you could consider adding a feature of that sort.
Thanks,
Larry
0 -
Hi @LarryP,
I have a suggestion that I think might be helpful for you. If you're using local vaults (i.e. the kind that can be synced via Dropbox or iCloud and are not part of a 1Password.com account), you can create a Smart Folder that filters by tag and last had a password change a certain number of days ago.
First, if you have multiple vaults, you'll need to select a specific one (this is because Smart Folders are not supported in the All Vaults view). Next, go to File > New Smart Folder. At the top of the window, set the search options as follows:
In the screenshot, I used "high level" as the Tag name, but it can be whatever you want as long as it's the Tag you've assigned to the items in question. Also, I used 182 as the number of days (approximately 6 months), but you can adjust that if you want to.
After doing that, click Save, then you can enter a name for the new Smart Folder.
I hope that helps! :)
0 -
Perfect. That's exactly what I'm looking for. I use only one vault and only sync over WiFi. Thanks for the suggestion.
0 -
You're very welcome, I'm glad that was a helpful suggestion! If you need anything else, you know where to find us. ;)
0
