Feature request: Absolute password change dates in Smart Folder search criteria
While doing my cleanup for the #Heartbleed SSL bug, I ran in to a use case the current smart folder search criteria don't seem to cover. I want to create a smart folder that includes all the logins that had their passwords last updated on or after 4/8/2014, and another folder that contains those that weren't.
There's a "Last password change (day ago)" that I could use, but it's relative to the current date; tomorrow its results will be different, and I want to filter wrt an absolute point in time when a particular event happened. The "Date modified" criteria uses absolute dates like I want, but it reflects changes to fields besides the password. For example: I made a "Heartbleed" folder using "Date Modified" < 4/8/2014. Then I noticed my login for AAA was spelled "Aaa", so I corrected its case to "AAA" while I was in there, and that modification caused it to disappear from the "Heartbleed" folder, looking like I don't need to change its password. So I don't think the current search filters cover this case.
Could you add a "Last password change (date)" that looks at just password fields but compares it to an absolute point in time like "Date modified" does?
As a workaround, I'm using "Date Modified" and being careful not to change any non-password info on logins until I get all my passwords reset. That'll work for this case, but is only workable because the date in question is recent.
Comments
-
Shortly after the Heartbleed problem surfaced a few weeks ago, I went through my passwords and applied a Tag to the ones that some of the web sites were showing as affected, and ones I consider critical of those showing as unknown. Until today, I hadn't realized that the "last modified" date being shown in 1Password 4 for Mac is the date that the ENTRY was last modified, rather than the date that the PASSWORD was last modified.
I can understand why what I thought was going on would be tricky, especially with the ability to add multiple "password" or hidden fields to an entry. However, it means that as I was going through and tagging entries to be fixed later, once the sites addressed their problem, I was destroying the history of when I'd really updated things.
Now, having recognized that this is going on, I can just assume that anything with a modification date set to that point is still questionable or at-risk. Unfortunately, I have already removed the tag from some of those that I had misunderstood as having been updated.
So, I guess I'm also needing to look at creating a Smart Folder to catch these. I think the smart folder I want would have rules such that it matches Logins whose Date Modified is After 20140401 AND Password Change is Prior To 20140510. But, I don't see a way to create such a thing.
Since it appears that 1Password does keep track of when a password is changed, perhaps the change date could be displayed alongside each password field in the entries. Since I'm really only caring how old the password is, and not caring that I've updated tags or notes, that would be helpful.
0 -
Hi @RonHeiby,
Thank you for the detailed feedback about this and vote for @janke's request. I've noted it with the open issue we have in our tracker that @Megan previously mentioned.
Other than convenient visibility, is there any purpose for the latest password change (or creation, if never changed) date being displayed near the main password field? Selecting
show previously used passwordsin Login item details does display the date/time when they were changed, e.g.:
Currently that doesn't tell you when the original password was created, which may also have value and can certainly differ from the item's last modified and even created date. Would recording the initial password creation date there be sufficient?
We'd at least like to start with Password modified search criteria supporting absolute dates. And I did add your "change date could be displayed alongside each password field" suggestion to the tracker, too. :)
0 -
So, I see on May 21 that the Watchtower tells me that a site managed to fix a problem on (say) May 3, but I see that the entry has a modified date of May 4. Am I safe? Maybe Watchtower is smart enough to know that it wasn't the password that got changed, but I don't recall whether it was. And, I am not seeing anything that always tells me. I hadn't tried to look at the password history. Does that still get updated when I change the password on my Windows, iOS, or Android device? Seems like there is nothing if I have never changed the password. Seeing the date right there I think is a convenience, but also an opportunity to remind when the password has reached the maximum age I have set.
Noticed in 4 that it is possible to have multiple "password" or hidden fields. Without a change / set date for each, how do you know which one is the main password? How do I know that you guessed right?
0 -
Hi @RonHeiby,
So, I see on May 21 that the Watchtower tells me that a site managed to fix a problem on (say) May 3, but I see that the entry has a modified date of May 4. Am I safe?
If you see the Watchtower's red change password alert banner on an item, that means the site was affected and you still need to change your password.
Does that still get updated when I change the password on my Windows, iOS, or Android device?
Yes, the previous password history should be correct regardless of which device you changed the password on.
Noticed in 4 that it is possible to have multiple "password" or hidden fields. Without a change / set date for each, how do you know which one is the main password? How do I know that you guessed right?
The main password is displayed directly under the username in the default password field. Any custom fields added would be considered "secondary" passwords.
0
