Suggestions for Domain Breach Report

leedxw
leedxw
Community Member

I've just had a look at the "Domain Breach Report" available via the 1Password website. I'm requested these reports from "Have I Been Pwned?" in the past so am already familiar with them.

Currently the only way to interact with the list is to click on each user name and make an assessment if any action is warranted, which is can take a little bit of time.

I have suggestions for the report presentation:

1) Allow a view that shows all user/source combinations in reverse order of the breach data being known about, so that I can quickly see which users might need to be prompted for changes.

2) Allow a filter to remove from display the "breaches" that don't actually contain credential data - plenty of my domain's addresses are in various spammer databases, there's nothing I can usefully do with that information, so it just obscures the more concerning breaches.

3) Allow me to order by current/suspended members, and other addresses. Some of these other addresses will be former staff members, some will just be guessed/typo'ed addresses (in the case of spam database breaches). These are the records of most interest to me as I need to ensure accounts have been correctly closed, and data deleted.

Thanks.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • ag_tyler
    edited July 2020

    Hey @leedxw! I'm so glad that you've gotten a chance to take a look at our new domain breach report feature. As with any new feature that we bring to 1Password we absolutely love hearing how people use it to help keep themselves safe online (and how we can make it even better). Those are some awesome suggestions and I'm going to bring those up with the team to see about if we can implement those. I can't make any promises about whether or not they'll be brought to the report but I'll certainly advocate for them.

    Thank you so much for taking the time to reach out to us and I'm excited to watch 1Password and the domain breach report grow with you :smile:

  • MrCoBalt
    MrCoBalt
    Community Member

    I'm also playing around with this and it's overall excellent! I also see there is a "Hide spam lists" toggle now (presumably part of the Build 842 release?) so that's awesome.

    However I'd also like to chime in with a request similar to @leedxw 's #3 but with an option to "ignore" or otherwise hide some users rather than just an option to invite.

    Reason being: We've acquired a number of companies over the years and onboarded their various email domains into our systems. While staff have been given an email address under our primary domain in some cases they also maintain alternate addresses using the older domains —and unfortunately the Breach Report's "alias" feature doesn't work for us here due to differences in addressing conventions (ie the older org's addresses were asmith@domain while our standard mailboxes are adam.smith@domain)

    However because I added all these still-somewhat-active domains into the Breach Report it is showing an absolute ton of ancient users from these other companies, almost all of which aren't even active mailboxes/aliases, which makes invite option inapplicable. Being able to say "this address can be ignored now and/or forever" (obviously once we confirm that there is indeed no such active account or related credentials!) would help make the report much more manageable.

    Thanks!!

  • Hey @MrCoBalt! I'm so happy to see that you're loving the domain breach report! Like I mentioned above, we love hearing ideas of how we can continue to grow this feature and make it fit everyone's needs!

    You brought up a really interesting case here that I would be happy to bring up to our development team. I can't make any promises on whether or not that'll be brought to our domain breach report but I'll certainly make sure it gets in front of our team!

  • matthew2
    matthew2
    Community Member

    Great idea and it works well but I also agree I would really like to see a way to hide irrelevant data. For examples a breach includes a "sales@" email, we never use sales@ its irrelevant to us. So would be good next to the "Invite" button to have a "Hide" button.

  • ag_ana
    ag_ana
    1Password Alumni

    @mdeluk:

    Thank you for the feedback as well! I would like to ask you to elaborate a little bit on the example you brought up. If a "sales@" email is included in the report, it should show up only if it was found in a breach. So it should have been used at least once, unless I misunderstood?

  • matthew2
    matthew2
    Community Member

    No we have never used the sales@ email, ever. Yet it shows in the report, I guess its a fake breach, a fake login.

    Its not the only one, there is loads on our report fake emails we have never used.

    It would be good to hide/ignore these as they just waste space on the report as they are fake breaches.

  • Interesting. Thanks for letting us know @mdeluk. We'll have to do some brainstorming on that.

    Ben

  • diegoboff
    diegoboff
    Community Member

    Hi first off all this is super useful :) congrats again for launching the functionality - complementing what folks already mentioned - is there a way to select and advise specific users?

    Also, what happen after I click the following button

    Will it just send a default message for everyone and invite who's not registered or would allow me to customise it?

    Diego.

  • Hey @diegoboff

    Hi first off all this is super useful :) congrats again for launching the functionality

    Thanks so much!

    complementing what folks already mentioned - is there a way to select and advise specific users?

    Not that I'm aware of. Here is a mockup of the screen that would come up next after selecting Notify Your Team:

    I'm not in a position at the moment to confirm if that is exactly what was implemented or if there were modifications, but I'd expect it to be very similar if not identical. :)

    Will it just send a default message for everyone and invite who's not registered or would allow me to customise it?

    There is opportunity to add custom messaging and also to see an example email. :+1:

    Ben

  • diegoboff
    diegoboff
    Community Member

    Great stuff @Ben , thanks for providing that info - I'd like to simulate a breach with my email address as I found this is the best way to test the behaviour of the notification mail. Do you have any suggestions on how to do that?

    • another suggestion for future development -> the ability to automatically schedule the alerts / make them realtime.

    Diego.

  • Good question. :) We have some test items we use for QA etc. Off-hand I'm not sure how you might go about intentionally generating one yourself, but what I did is exported one into a 1PIF so that you can import it. You can download the (zipped) 1PIF here:

    https://bucket.agilebits.com/tmp/ben/compromisedWebsite1PIF.1pif.zip

    Because 1PIFs are unencrypted no password is required to import this item. Please let me know if that helps.

    another suggestion for future development -> the ability to automatically schedule the alerts / make them realtime.

    Thanks for the idea!

    Ben

  • diegoboff
    diegoboff
    Community Member

    Hi Ben - appreciate the help with the file. It is a good alternative to test watchtower but unfortunately this file does not reflect on the domain breach report given that is not a password entry associated with our testing domain :( so in this case I'd like to ask you two additional questions to help me understand the behaviour of the change password mail

    From my understanding the following screen is an example of a sample mail when a user is caught in a breach

    1st question is - If I decide to add a custom message to the breach notification mail / where it would appear? (top? bottom?)

    2nd question is - when one of our users receive this mail and click to 'Change your passwords' / will then direct to the 1password application or to the compromised service website?

    Have a good week!

    Diego.

  • @diegoboff

    Hi Ben - appreciate the help with the file. It is a good alternative to test watchtower but unfortunately this file does not reflect on the domain breach report given that is not a password entry associated with our testing domain :(

    Ah, right. Of course. Sorry about that.

    so in this case I'd like to ask you two additional questions to help me understand the behaviour of the change password mail

    Certainly.

    1st question is - If I decide to add a custom message to the breach notification mail / where it would appear? (top? bottom?)

    One of my colleagues was able to provide me a screenshot of how this looks:

    2nd question is - when one of our users receive this mail and click to 'Change your passwords' / will then direct to the 1password application or to the compromised service website?

    My understanding is that this link takes you to one of our support guides which explains how to use 1Password to change your passwords.

    Have a good week!

    You too!

    Ben

  • diegoboff
    diegoboff
    Community Member

    Great stuff @Ben - thanks for shedding a light into my inquiries :)

    That should be the last time I bother you with an additional question lol

    For my 2nd question above, You've mentioned that this would direct the user to a support guide that explain how to use 1password to change the affected passwords. Do you have a link for that resource?

    Cheers!

  • ag_ana
    ag_ana
    1Password Alumni

    @diegoboff:

    For my 2nd question above, You've mentioned that this would direct the user to a support guide that explain how to use 1password to change the affected passwords. Do you have a link for that resource?

    I think this might be the one:

    Change your passwords and make them stronger

  • diegoboff
    diegoboff
    Community Member

    Excellent @ag_ana - thanks for that!

    Just out of curiosity is there a way to trigger the report/alert process from the 1password CLI?

    If not, here's another feature request :)

    Thanks!

  • diegoboff
    diegoboff
    Community Member

    Getting this error when I try to send a Breach notification

    Is this a known issue?

  • @diegoboff

    I'm sorry for the trouble getting the report to send. I can't say I've seen that before. To troubleshoot further we may need to gather some logs from your web browser. To facilitate that I'd like to move this conversation to email, please. Compose an email message addressed to support+forum@agilebits.com. With your email please include:

    • A link to this thread: https://1password.community/discussion/comment/574709/#Comment_574709
    • Your forum username: diegoboff

    You should receive an automated reply from our BitBot assistant with a Support ID.  Please post that ID here so I can track down your email and ensure that this issue is dealt with quickly. :) Thanks very much!

    Ben

  • diegoboff
    diegoboff
    Community Member

    @Ben here's the support ID -> [#LJT-74981-426]

    Thanks!

  • Perfect; thank you!

    Ben

    ref: LJT-74981-426

  • jensp
    jensp
    Community Member

    I second leedxv #3. In addition:

    Our employees have the possibility to use firstname@company or firstname.lastname@company. So this report will of course only consider the one that is used for 1password, and offer the other to be invited. Would it be possible to allow users to add email aliases to their accounts, and that this report would take that into consideration?

  • @jensp

    The ability to associate a user with multiple email addresses is something we may be able to consider for the future. :) I'll be happy to add your voice to that request.

    Ben

This discussion has been closed.