Suggestions for Domain Breach Report

I've just had a look at the "Domain Breach Report" available via the 1Password website. I'm requested these reports from "Have I Been Pwned?" in the past so am already familiar with them.

Currently the only way to interact with the list is to click on each user name and make an assessment if any action is warranted, which is can take a little bit of time.

I have suggestions for the report presentation:

1) Allow a view that shows all user/source combinations in reverse order of the breach data being known about, so that I can quickly see which users might need to be prompted for changes.

2) Allow a filter to remove from display the "breaches" that don't actually contain credential data - plenty of my domain's addresses are in various spammer databases, there's nothing I can usefully do with that information, so it just obscures the more concerning breaches.

3) Allow me to order by current/suspended members, and other addresses. Some of these other addresses will be former staff members, some will just be guessed/typo'ed addresses (in the case of spam database breaches). These are the records of most interest to me as I need to ensure accounts have been correctly closed, and data deleted.

Thanks.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • ag_tylerag_tyler

    Team Member
    edited July 10

    Hey @leedxw! I'm so glad that you've gotten a chance to take a look at our new domain breach report feature. As with any new feature that we bring to 1Password we absolutely love hearing how people use it to help keep themselves safe online (and how we can make it even better). Those are some awesome suggestions and I'm going to bring those up with the team to see about if we can implement those. I can't make any promises about whether or not they'll be brought to the report but I'll certainly advocate for them.

    Thank you so much for taking the time to reach out to us and I'm excited to watch 1Password and the domain breach report grow with you :smile:

  • I'm also playing around with this and it's overall excellent! I also see there is a "Hide spam lists" toggle now (presumably part of the Build 842 release?) so that's awesome.

    However I'd also like to chime in with a request similar to @leedxw 's #3 but with an option to "ignore" or otherwise hide some users rather than just an option to invite.

    Reason being: We've acquired a number of companies over the years and onboarded their various email domains into our systems. While staff have been given an email address under our primary domain in some cases they also maintain alternate addresses using the older domains —and unfortunately the Breach Report's "alias" feature doesn't work for us here due to differences in addressing conventions (ie the older org's addresses were [email protected] while our standard mailboxes are [email protected])

    However because I added all these still-somewhat-active domains into the Breach Report it is showing an absolute ton of ancient users from these other companies, almost all of which aren't even active mailboxes/aliases, which makes invite option inapplicable. Being able to say "this address can be ignored now and/or forever" (obviously once we confirm that there is indeed no such active account or related credentials!) would help make the report much more manageable.

    Thanks!!

  • ag_tylerag_tyler

    Team Member

    Hey @MrCoBalt! I'm so happy to see that you're loving the domain breach report! Like I mentioned above, we love hearing ideas of how we can continue to grow this feature and make it fit everyone's needs!

    You brought up a really interesting case here that I would be happy to bring up to our development team. I can't make any promises on whether or not that'll be brought to our domain breach report but I'll certainly make sure it gets in front of our team!

  • Great idea and it works well but I also agree I would really like to see a way to hide irrelevant data. For examples a breach includes a "[email protected]" email, we never use [email protected] its irrelevant to us. So would be good next to the "Invite" button to have a "Hide" button.

  • ag_anaag_ana

    Team Member

    @mdeluk:

    Thank you for the feedback as well! I would like to ask you to elaborate a little bit on the example you brought up. If a "[email protected]" email is included in the report, it should show up only if it was found in a breach. So it should have been used at least once, unless I misunderstood?

  • No we have never used the [email protected] email, ever. Yet it shows in the report, I guess its a fake breach, a fake login.

    Its not the only one, there is loads on our report fake emails we have never used.

    It would be good to hide/ignore these as they just waste space on the report as they are fake breaches.

  • BenBen AWS Team

    Team Member

    Interesting. Thanks for letting us know @mdeluk. We'll have to do some brainstorming on that.

    Ben

  • Hi first off all this is super useful :) congrats again for launching the functionality - complementing what folks already mentioned - is there a way to select and advise specific users?

    Also, what happen after I click the following button

    Will it just send a default message for everyone and invite who's not registered or would allow me to customise it?

    Diego.

  • BenBen AWS Team

    Team Member

    Hey @diegoboff

    Hi first off all this is super useful :) congrats again for launching the functionality

    Thanks so much!

    complementing what folks already mentioned - is there a way to select and advise specific users?

    Not that I'm aware of. Here is a mockup of the screen that would come up next after selecting Notify Your Team:

    I'm not in a position at the moment to confirm if that is exactly what was implemented or if there were modifications, but I'd expect it to be very similar if not identical. :)

    Will it just send a default message for everyone and invite who's not registered or would allow me to customise it?

    There is opportunity to add custom messaging and also to see an example email. :+1:

    Ben

  • Great stuff @Ben , thanks for providing that info - I'd like to simulate a breach with my email address as I found this is the best way to test the behaviour of the notification mail. Do you have any suggestions on how to do that?

    • another suggestion for future development -> the ability to automatically schedule the alerts / make them realtime.

    Diego.

  • BenBen AWS Team

    Team Member

    Good question. :) We have some test items we use for QA etc. Off-hand I'm not sure how you might go about intentionally generating one yourself, but what I did is exported one into a 1PIF so that you can import it. You can download the (zipped) 1PIF here:

    https://bucket.agilebits.com/tmp/ben/compromisedWebsite1PIF.1pif.zip

    Because 1PIFs are unencrypted no password is required to import this item. Please let me know if that helps.

    another suggestion for future development -> the ability to automatically schedule the alerts / make them realtime.

    Thanks for the idea!

    Ben

  • Hi Ben - appreciate the help with the file. It is a good alternative to test watchtower but unfortunately this file does not reflect on the domain breach report given that is not a password entry associated with our testing domain :( so in this case I'd like to ask you two additional questions to help me understand the behaviour of the change password mail

    From my understanding the following screen is an example of a sample mail when a user is caught in a breach

    1st question is - If I decide to add a custom message to the breach notification mail / where it would appear? (top? bottom?)

    2nd question is - when one of our users receive this mail and click to 'Change your passwords' / will then direct to the 1password application or to the compromised service website?

    Have a good week!

    Diego.

  • BenBen AWS Team

    Team Member

    @diegoboff

    Hi Ben - appreciate the help with the file. It is a good alternative to test watchtower but unfortunately this file does not reflect on the domain breach report given that is not a password entry associated with our testing domain :(

    Ah, right. Of course. Sorry about that.

    so in this case I'd like to ask you two additional questions to help me understand the behaviour of the change password mail

    Certainly.

    1st question is - If I decide to add a custom message to the breach notification mail / where it would appear? (top? bottom?)

    One of my colleagues was able to provide me a screenshot of how this looks:

    2nd question is - when one of our users receive this mail and click to 'Change your passwords' / will then direct to the 1password application or to the compromised service website?

    My understanding is that this link takes you to one of our support guides which explains how to use 1Password to change your passwords.

    Have a good week!

    You too!

    Ben

  • Great stuff @Ben - thanks for shedding a light into my inquiries :)

    That should be the last time I bother you with an additional question lol

    For my 2nd question above, You've mentioned that this would direct the user to a support guide that explain how to use 1password to change the affected passwords. Do you have a link for that resource?

    Cheers!

  • ag_anaag_ana

    Team Member

    @diegoboff:

    For my 2nd question above, You've mentioned that this would direct the user to a support guide that explain how to use 1password to change the affected passwords. Do you have a link for that resource?

    I think this might be the one:

    Change your passwords and make them stronger

  • Excellent @ag_ana - thanks for that!

    Just out of curiosity is there a way to trigger the report/alert process from the 1password CLI?

    If not, here's another feature request :)

    Thanks!

  • Getting this error when I try to send a Breach notification

    Is this a known issue?

  • BenBen AWS Team

    Team Member

    @diegoboff

    I'm sorry for the trouble getting the report to send. I can't say I've seen that before. To troubleshoot further we may need to gather some logs from your web browser. To facilitate that I'd like to move this conversation to email, please. Compose an email message addressed to [email protected]. With your email please include:

    • A link to this thread: https://1password.community/discussion/comment/574709/#Comment_574709
    • Your forum username: diegoboff

    You should receive an automated reply from our BitBot assistant with a Support ID.  Please post that ID here so I can track down your email and ensure that this issue is dealt with quickly. :) Thanks very much!

    Ben

  • @Ben here's the support ID -> [#LJT-74981-426]

    Thanks!

  • BenBen AWS Team

    Team Member

    Perfect; thank you!

    Ben

    ref: LJT-74981-426

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file