Feature Request: Automatic Automatic Password Changing

Options
gussic
gussic
Community Member

I understand that this is probably very complex. Dashlane (sorry to mention a competitor) has a great feature, which for supported websites allows you to press one button and it will automatically log in and change the password to a more complex one. This is great, and I think if the goal is really to make great passwords (i.e. complex, random etc) easy for everyone features like this would really help.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Ben
    Options

    Thanks for the suggestion, @gussic. We have some concerns about implementing a feature like this. At this point we haven't figured out a way to overcome those concerns, but that isn't to say that we won't in the future. :)

    Ben

  • mithr
    mithr
    Community Member
    Options

    The Vulnerable Passwords section of 1Password is great. However, sometimes many items can accumulate there -- whether due to a new breach, an old shared-password account being compromised, or just lack of time and energy to update all of those sites you haven't used in a decade, back when you didn't know about good password practices.

    Currently, the process to update multiple of these with new, 1Password-generated passwords is quite cumbersome. One has to open the site, use the browser extension to login, generate a new password, fill/paste it in, update/save the login item -- and once that's done, the item automatically moves from the Vulnerable Passwords section into the normal Logins section, which means that to get to the next vulnerable login, more clicks are required.

    It would be very nice if 1Password offered a mode allowing for a smoother flow for multiple login updates. As an example (which I'm sure your UX team could run laps around), there might be a menu item that starts this process and opens the first vulnerable site in the browser. Once its password has been updated, going back to 1Password would prompt to move on to the next item, repeating the process.


    1Password Version: Not Provided
    Extension Version: Not Provided
    OS Version: Not Provided
    Sync Type: Not Provided

  • sav67
    sav67
    Community Member
    Options

    I would REALLY like to have this functionality too!

  • sav67
    sav67
    Community Member
    Options

    I would like to see this too!

  • Ben
    Options

    Thanks for the feedback @sav67. In practice it is a great convenience if you primarily use sites that are supported by such a feature, but in the implementations we’ve seen it requires that the service provider have access to your unencrypted passwords. That isn’t a position we’re willing to put ourselves in. There is always a fine balance between security and convenience and with what we’ve seen so far we’re of the opinion that this tips the sales too far away from security.

    Ben

  • Ben
    Options

    Hi folks. I’ve merged a couple of threads with similar requests here.

    Ben

  • AdrenalineX
    AdrenalineX
    Community Member
    Options

    BUMP.

    I tried out this feature in Dashlane as well and it's truly awesome! With all the breaches of late, I have over 50 passwords that need changing... I'm even considereing importing everything to Dashlane, automating the changes and then re-importing to 1Password... No matter what, it's all a pain in the butt!

  • Lars
    Lars
    1Password Alumni
    Options

    @AdrenalineX - it is indeed a pain in the butt. Fortunately, 1Password can help you with Watchtower's features "Vulnerable Passwords" and "Compromised Logins."

    Regarding the issue of a password auto-change feature, I agree it's very cool to see in action, but there's a considerable amount of stuff that goes into it which add up to us not wanting to pursue the feature at this time. I actually went through the details in a couple of posts in a thread from earlier this year on the topic. Let me know if you have any questions.

  • AdrenalineX
    AdrenalineX
    Community Member
    Options

    Thanks @Lars... not the answer many of us are looking for in this “I want it now World” 😉 understandable though...

  • Lars
    Lars
    1Password Alumni
    edited October 2018
    Options

    @AdrenalineX - oh, I don't disagree that it would be a massively cool and useful feature...implemented properly. Unfortunately, the only two ways to implement it with current technology are either:

    1. a massive black hole of developer hours, spent making sure that each and every password-change page of every website out there in existence is up-to-date in 1Password and not broken...because a broken one could mean (best case) failure and (worst case) loss of access to your data, if it changed your password on the site but failed to save it correctly, etc. This would literally be a larger undertaking than making sure all sign-in pages work, and we've some experience with how large a job THAT is.

    -OR-

    1. little more than a half-baked toy. It wouldn't be too difficult to set something up for the top, say, few dozen sites (Facebook, Gmail, etc)...but think about it: how often do you change you passwords at those sites? The best-known sites tend (not infallibly, but generally) to also be among the best in security of their users' data, so unless you re-use passwords among multiple sites, the "big" sites like this are actually among the least likely to need you to reset your password...unless your data was disclosed in a hack of another site that had these credentials. Not saying it couldn't/doesn't happen, only that you're a lot less likely to have to change your Facebook or Gmail password than you are other things. If you've got 350 Login items, and the "auto-password-change" feature covers, say, 40 or 60 of them, it's not exactly comprehensive, or even all that much of a time-saver. And for that limited convenience, you're exchanging:
    • the possibility that we might not be up to date everywhere, leading to the aforementioned potential problems when you go to change your password
    • having our developers spending their time in a constant battle to make sure we ARE up to date, instead of focusing on things that truly make 1Password users' experience better across the board, in measurable ways, not just in the hopefully-rare instance of a data breach that requires you to change passwords at multiple sites.

    At the end of the day, as "cool" as this feature sounds when you hear it, we decided that the combination of the time it would take away from other priorities/possibilities and the difficulty of doing this properly added up to taking a pass for now. We'd love to be able to do it in a comprehensive way instead of the only real way that's available for us or anyone else to do it right now, and we're always monitoring new developments/ideas in standardization that might shift this considerably. But for now, we're letting others chase this rabbit.

  • AdrenalineX
    AdrenalineX
    Community Member
    Options

    Wow, thanks for the details... I get it...

  • Lars
    Lars
    1Password Alumni
    Options

    :) :+1:

This discussion has been closed.