This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Feature Request: In-app security news (password breach) updates

ashleyk
edited June 2012 in Mac
Yesterday it was widely reported that Linkedin was investigating reports of massive password theft for their users as shown in this link [url="http://www.telegraph.co.uk/technology/news/9314332/LinkedIn-investigates-theft-of-6.5-million-passwords.html"]http://www.telegraph...-passwords.html[/url]



I'll bet a lot of people never read these reports yesterday or other similar stories, so I was wondering how difficult it might be for a future version of 1Password to include security alerts when large sites like this are reported as having some kind of security breach?



Given early notice it would hopefully allow users to change their passwords or contact the websites directly if they had any concerns.



EDIT: More information here on the Linkedin story from CNET: http://news.cnet.com/8301-1009_3-57448465-83/linkedin-confirms-passwords-were-compromised/

Comments

  • khad
    khad Social Choreographer
    edited June 2012
    It is a very interesting idea. A couple of us were just chatting about this around the ol' water cooler earlier. I'll definitely add your vote! <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />



    Oh, and in case you missed our own posts:



    [url="http://blog.agilebits.com/2012/06/06/on-password-breaches-and-security-processes/"]On password breaches and security processes[/url]



    [url="http://blog.agilebits.com/2012/06/06/a-salt-free-diet-is-bad-for-your-security/"]A salt-free diet is bad for your security[/url]
  • ashleyk
    edited June 2012
    Here is another one today and they seem to be falling like flies [url="http://www.telegraph.co.uk/technology/internet-security/9318032/Last.fm-warns-of-possible-password-theft.html"]http://www.telegraph...word-theft.html[/url]



    I wondered if this could be implemented via an RSS feed inside 1Password or some other means. I am subscribed to the Agile blog posts so they appear as RSS feeds inside Apple Mail but I heard Apple will be removing this feature for some reason when Mountain Lion is released, so that is all the more reason why updates from directly inside 1Password might be useful. All of this perfectly illustrates why we should never use the same password more than once on different sites...
  • khad
    khad Social Choreographer
    eHarmony was also involved in this nasty "password leak parade" we've been seeing.



    [quote]I wondered if this could be implemented via an RSS feed inside 1Password or some other means.[/quote]

    That is one option we discussed. It is still in the "brainstorming" phase and may never see the light of day, but it certainly something we are taking under advisement.



    [quote]All of this perfectly illustrates why we should never use the same password more than once on different sites... [/quote]

    That is precisely the case. Always unique passwords. Always. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />



    Stay safe out there!
  • h00ligan
    h00ligan Junior Member
    This is actually a feature that I would allow to push me info... considering I know you all would only post real stuff!
  • khad
    khad Social Choreographer
    Thanks for the vote of confidence! If it happens it will certainly not be spam but a very useful feature. We'll have to wait and see if it ever pans out. I'll make sure the developers know you would also like to see this. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/biggrin.png' class='bbc_emoticon' alt=':D' />
  • It looks like Yahoo have just been caught out, so I rushed to change the password there. Fortunately I haven't really used this address for ten years but obviously for anybody using it as a main email address this is potentially very bad. http://www.telegraph.co.uk/technology/internet-security/9395475/Yahoo-hackers-leak-half-a-million-passwords.html
  • khad
    khad Social Choreographer
    Agreed. This could be a bigger deal for folks using Yahoo as their primary email account. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/sad.png' class='bbc_emoticon' alt=':(' />



    We're gathering more details and hope to have a blog post of our own later.