Security Audit - Dup Passwords

oshloel
Community Member

The Security Audit is a nice new feature of 1pw4; however, the Duplicate Password feature creates a lot of spurious hits in that it labels as duplicates both a generated password item and the associated login item. I showed 280+ duplicate passwords, of which only a few were true uses of a password in more than one place/website or situation. The vast majority were the aforementioned generated password/login pairs created whenever I used the Strong Password Generator to create or change a site's password.

I sure would appreciate a feature where 1pw4 either ignored these obvious pairs or, at a minimum, provided an option to ignore Generated Password items in the Audit Function.

Comments

  • initialsbb
    Community Member
    edited October 2013

    I have this same problem... In any case there is something I don't get. If I delete the password, the login also is deleted at the same time. For example in the image below, if I get rid of the "www.avid.com" password, the "Avid Support" login item also is trashed.

  • oshloel
    Community Member

    I don't have the problem where deleting the generated password deletes the login. Deleting the generated password DOES cause both to disappear from the listing since the listing is set to Duplicate Passwords and there's no longer a dup when the generated password is deleted. I still have the login item when looking back in the All Items or Logins categories.

    A workaround for the problem when looking for duplicate Login Item passwords is to select the Logins category, then sort it by Duplicate Passwords rather than using the Security Audit function, which looks at all items.

  • jpgoldberg
    1Password Alumni

    Deleting the generated password does cause both to disappear from the listing since the listing is set to Duplicate Passwords and there's no longer a dup when the generated password is deleted.

    Exactly. It can be frightening to see things "disappear", but it's just that they aren't duplicates once it's the last one left with that password.

    A workaround for the problem when looking for duplicate Login Item passwords is to select the Logins category, then sort it by Duplicate Passwords

    A most excellent answer, @oshloel, to @initialsbb's question. As for your original question, let's catch our breath and develop a feeling for how people make use of the duplicate detection. Your suggestion has a lot of appeal, but it may also lead to other confusion.

    Cheers, -j

  • oshloel
    Community Member

    Fair enough. Actually, I'd like to see two separate password categories; one just passwords as in 1pw4 and another that are Generated Passwords as in 1pw3. With the elimination of the Wallet category in 1pw4, I have ended up storing things such as my Home Safe Combination, Laptop iPad, etc. passwords, my wife's 1pw password, Quicken File Password, etc. in the Passwords category.

    Unfortunately, 1pw4 still dumps passwords it generates for new or revised logins in that same category, resulting in a cluttered mess (IMHO). Being a certified AARP retired old guy, I'd like a way to keep stuff I want my wife, kids or executor to be able to find in the proverbial "hit by a bus" scenario easily identifiable vs being mixed in with all my logins (where 1pw4 originally put all this stuff) or with a cabal of 1pw generated passwords.

    In fact, I find Generated Passwords to be a bit redundant since I have the option to save/replace (at least I could replace in 1pw3) new/revised logins directly in the browser.

  • initialsbb
    Community Member
    edited October 2013

    A workaround for the problem when looking for duplicate Login Item passwords is to select the Logins category, then sort it by Duplicate Passwords

    I knew there was something I was missing. Thank you! :)

  • Megan
    1Password Alumni

    Glad to hear that you're all sorted out there, @initialsbb!

    @oshloel, as much as we don't like thinking about those nasty hit-by-a-bus scenarios, it is good to hear that you have a plan in place. An alternative that I've seen suggested elsewhere is keeping important information stored in a Secure Note. This might help prevent things from getting lost in the jumble of generated passwords. :)

  • oshloel
    Community Member

    Thanks for the suggestion, Megan. Secure Notes definitely have their place. The advantage of storing some of the referenced info in Passwords is that if I need it, it's easy to find with a 1pw or 1pw Mini search. The search function does not search - or at least present - results based upon the content of Secure Notes other than the 1st line/headline/title of the note.

  • sjk
    1Password Alumni

    Also, sometimes it's useful to store certain information in custom fields instead of notes fields or separate Secure Note items.

  • Skip
    Community Member

    I agree with the OP. The point of searching for dup passwords is not to notice that the "generated" password matches the password I assigned to that login; it is to notice when passwords are reused across different websites.

    @jpgoldberg, I do think there should indeed be a way to filter out or ignore matches between actual login items and the stored list of all passwords 1pw has ever generated. I mean, I'm not going to use this security audit feature that much if I have to scroll through a listing of 250 items to verify that every single pair is a match between a login and the original password 1pw generated. While this is the kind of thing that I understand, my wife would probably say, "well, that's dumb why is it that way?" and I'd have no good answer and she would just file it in the back of her head as a reason why 1pw will be too tricky to learn how to use.

  • Dan Ridley Hallock
    Community Member

    I'm not sure when it was added, but Help → Tools → Remove Redundant Generated Passwords fixed this problem for me. That removed in one fell swoop the Password entries that are only duplicates of Login entries, thus leaving only the true duplicates in the security audit.
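
The distinction discussed in this thread, as an added example that is not part of any post and is not 1Password's code: a duplicate audit that ignores generated-password/login pairs, plus a listing of the generated entries that only mirror a login. The item fields (`kind`, `title`, `password`), the `generated` kind and the sample vault are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample vault; field names and values are hypothetical.
SAMPLE_ITEMS = [
    {"kind": "login", "title": "Avid Support", "password": "qT7#vLp2!xRz"},
    {"kind": "generated", "title": "www.avid.com", "password": "qT7#vLp2!xRz"},
    {"kind": "login", "title": "Forum A", "password": "hunter2"},
    {"kind": "login", "title": "Forum B", "password": "hunter2"},
    {"kind": "generated", "title": "old.example", "password": "Zk9$unused"},
    {"kind": "password", "title": "Home Safe Combination", "password": "12-34-56"},
]

def _group_by_password(items):
    # Index by a keyed digest (per-run random key) so the grouping table,
    # if logged or dumped, does not contain the passwords themselves.
    key = os.urandom(32)
    groups = defaultdict(list)
    for item in items:
        tag = hmac.new(key, item["password"].encode(), hashlib.sha256).digest()
        groups[tag].append(item)
    return list(groups.values())

def naive_duplicates(items):
    """Audit over all items: every shared password counts as a duplicate."""
    return [sorted(i["title"] for i in g)
            for g in _group_by_password(items) if len(g) > 1]

def true_duplicates(items):
    """Ignore generated entries: report only reuse across real items."""
    found = []
    for group in _group_by_password(items):
        real = [i for i in group if i["kind"] != "generated"]
        if len(real) > 1:
            found.append(sorted(i["title"] for i in real))
    return found

def redundant_generated(items):
    """Generated entries whose password is already stored in a login."""
    redundant = []
    for group in _group_by_password(items):
        if any(i["kind"] == "login" for i in group):
            redundant.extend(i["title"] for i in group
                             if i["kind"] == "generated")
    return sorted(redundant)
```

On the sample vault the naive audit reports two groups, while the filtered audit reports only the reuse across Forum A and Forum B; the generated entry with no matching login is not treated as redundant.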

  • huffalumpy
    Community Member

    That last one was a good tip. Now, if I may suggest, that should not be in "Help", but somewhere else. Why would I look in "Help" for that?

  • hawkmoth
    Community Member

    I agree - Help is not a good place to hide a tool. Rather unconventional placement!

  • sjk
    1Password Alumni

    Hi guys,

    Thanks for the Help → Tools → Remove Redundant Generated Passwords shoutout, Dan. I'm glad that was helpful (no pun intended?) for you and @huffalumpy to clean up unnecessary items. Have you given that a try yet, @Skip?

    The Tools and Troubleshooting submenus of Help can both be considered misplaced there, which I'll mention to the developers.

This discussion has been closed.