New "custom password field" for multi-page-logins?

muzh
Community Member

Hi,
with the option to create additional password fields for one card / item, could this be the new solution for multi-step-logins (banks, etc)?

With that in mind, would those passwords each be less secure than if they were saved as separate login cards? In other words, does each password you create within the same card / item get encrypted separately?

Cheers!

Comments

  • sjk
    1Password Alumni

    Hi, @muzh. Thanks for the questions.

    The combination of being able to add multiple URLs to a Login item and add custom fields to an item (now with a Password type option in 4.1) might eventually be tied together so that a single Login item could provide an alternative to multi-page logins. Typically, for now, a separate item for each page is still required but I like how you're thinking about a single-item, multi-page solution. :)

    Since custom fields with a Password type are new in 4.1 I'd prefer to postpone answering your second question until, oh, wait … here's some information just in about that (via @jpgoldberg):

    Each item is encrypted separately. And each attachment is encrypted separately, but multiple fields within an item are encrypted together.

    So when a custom field has a Password type nothing changes regarding actual decryption of its data, which is still done at the item level. That field/type is just displayed differently, not decrypted separately each time it's "revealed".

    Putting an excessive number of passwords into a single item is a case in which they might be less secure by some margin. That is, it wouldn't be good to take 100 different items and merge them into just one.

    (a) That one item (with 100 secrets) will be in active memory longer.
    (b) If the single item (with 100 secrets) gets breached, then that is 100 secrets lost.

    However, it's fine (and recommended) to put, for example, a password and the "security questions" into the same item.

    I hope that's helpful.

  • muzh
    Community Member
    edited February 2014

    hi @sjk,
    your answer is indeed extremely helpful, thanks!

    I was partly asking to find out whether or not I should save security questions in the same login item. You say yes, but that does seem very counter-intuitive given that those are a user's last defense against a real full-on "break-in" into a given account. Thus, if Dropbox and 1Password's keychain were ever cracked, the hacking system would only have to go looking for and crack one item per account (look for bank names, AI).

    I understand this is playing devil's advocate but that's kinda the whole point, right?

    (And yes, I am super late with this response ;)

  • jpgoldberg
    1Password Alumni

    Hi @muzh,

    In short, I put my "security" questions in the same Login as the username and password, and it is what I generally recommend.

    There are some very marginal cases in which this practice might be weaker than using a separate item, but I consider those marginal. I will list them in order from what I consider most likely to least likely. I only consider the first one to be of any significance at all, though.

    1. You accidentally share or export the item, giving it to the wrong person.

      If you have things split up among multiple items then you would have to accidentally share multiple items instead of just one to make this error.

    2. A memory dump of your computer is obtained by an attacker when just a few items are decrypted in RAM. The attacker can only get at those items that happen to be in active memory at the time.

      The amount of misfortune that needs to coincide to just the right degree to make one versus two items meaningful here is ridiculously small.

    3. An attacker somehow discovered the item key for one item but not the other.

      Each item (in the new data format) is encrypted with its own randomly chosen 256-bit key, called the "item key". If through some feat of magic an attacker has one of the item keys, but not the other, then having the details split between items would provide some safety.

      I simply cannot imagine any circumstances in which an attacker would have one item key but not the other. If an attacker guesses your Master Password then they will be able to decrypt all of the item keys.

    So that is for completeness. Case 2 is enormously unlikely, and case 3 is ludicrously unlikely, so neither of those should play any meaningful role in such a decision. As for 1, I can see it possibly happening to someone sometime, but it is hardly a big enough concern to merit splitting security questions into separate items in my view.
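
The key structure described in the replies above (one random 256-bit key per item, all fields of an item encrypted together, every item key recoverable from the Master Password), sketched as an added example that is not 1Password's code or data format. The HMAC-based cipher, the PBKDF2 parameters, and all function and field names are assumptions chosen so the sketch runs on the Python standard library alone.

```python
import hashlib, hmac, json, secrets

def _subkeys(key):
    # Separate encryption and MAC keys derived from one key
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher (e.g. AES)
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key, plaintext):
    enc, mac = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc, nonce, plaintext)
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered data")
    return _xor_stream(enc, nonce, ct)

def make_vault(master_password, items):
    salt = secrets.token_bytes(16)
    kek = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, 100_000)
    vault = {"salt": salt, "items": {}}
    for name, fields in items.items():
        item_key = secrets.token_bytes(32)  # random 256-bit key, one per item
        vault["items"][name] = {
            "wrapped_key": seal(kek, item_key),  # item key encrypted under the password-derived key
            "data": seal(item_key, json.dumps(fields).encode()),  # all fields in one blob
        }
    return vault

def unwrap_item_key(vault, master_password, name):
    kek = hashlib.pbkdf2_hmac("sha256", master_password.encode(), vault["salt"], 100_000)
    return unseal(kek, vault["items"][name]["wrapped_key"])

def read_item(vault, item_key, name):
    return json.loads(unseal(item_key, vault["items"][name]["data"]))

# Constructed sample data, not real credentials
SAMPLE = {"bank": {"password": "pw-1", "security answer": "first pet: Rex"},
          "mail": {"password": "pw-2"}}
```

Holding the "bank" item key opens the password and the security answer together but not the "mail" item, while the Master Password unwraps every item key, which is why case 3 changes so little in practice.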

  • muzh
    Community Member

    hi @jpgoldberg,

    ok, I think you've sufficiently diverted any lingering doubts I had about saving the Q&A info together with the password.
    Thank you very much!
    (gonna make my password organization so much simpler)...

  • jpgoldberg
    1Password Alumni

    I'm glad I could help. Other things being equal, simple processes are more secure than more complicated ones.

This discussion has been closed.