This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

"See my debit card"

jpgoldberg
jpgoldberg Agile Customer Care
edited July 2012 in Lounge
This discussion is for follow-up discussion of the blog post, [url="http://blog.agilebits.com/2012/07/03/check-out-my-debit-card-or-why-people-make-bad-security-choices/"]Check out my debit card[/url].

Cheers,



-j

Comments

  • botsmack
    edited July 2012
    How did you get the wallet entry to display the PIN and Verification Number without the security dots? I know you can press Option to show them on-demand, but was just curious if there's a hidden setting for displaying all the time.
  • jpgoldberg
    jpgoldberg Agile Customer Care
    Hi,



    Great question. In the menubar you can go to [i]View > Conceal Passwords[/i]. If it's unchecked, then they are displayed within the 1Password application.



    Cheers,



    -j
  • Ah, so simple. Right there in front of me. Thanks!
  • jpgoldberg
    jpgoldberg Agile Customer Care
    I'm glad to help.



    Cheers,



    -j
  • benfdc
    benfdc Perspective Giving Member
    This seems as good a place as any to reiterate a longstanding request—that 1Password, by default, obscure the leading digits of stuff like credit and debit card, bank account, and brokerage account numbers.



    Also to ask whether there is an equivalent of the "option-key" temporary reveal trick for the browser extensions, or for 1P on platforms other than OS X.
  • jpgoldberg
    jpgoldberg Agile Customer Care
    Noted, Ben.



    Keep in mind that the first four digits are highly predictable (they indicate the type of card and a few other things), and some of the other digits are check digits, so obscuring those provides little additional security.



    I don't foresee implementing your suggestion, but if we do these are some of the things that would need to be considered.



    Cheers,



    -j
  • thightower
    thightower "T-Dog" Agile's Mascot Community Moderator
    edited July 2012
    [quote name='jpgoldberg' timestamp='1342132831' post='60748']

    Keep in mind that the first four digits are highly predictable (they indicate the type of card and a few other things), and some of the other digits are check digits, so obscuring those provides little additional security.



    [/quote]



    Very Very interesting, I didn't know that Thanks for taking the time to post it Jeff.



    I was about to say I would like it also, till I read that.



    Edit : BIG woops I thought you were talking about the last 4 digits. I know some about about the last four but clearly not as much as our Defender.



    ps I still vote for it even if its just to fix my OCD to have them hidden.
  • khad
    khad Social Choreographer
    Yep. Wikipedia has a [url="http://en.wikipedia.org/wiki/List_of_Issuer_Identification_Numbers"]List of Issuer Identification Numbers[/url] which includes anywhere from the first [b]four[/b] to the first [b]seven[/b] digits of pretty much every type of card.



    I'm not sure that it is possible to do the "hold down Option to reveal" trick in the browsers since their APIs are very different from the main application, but this is something we'll look into. It would be much more frustrating to conceal them without a convenient way to reveal them. Currently they are tucked away [i]behind[/i] the master password [i]inside[/i] the extension [i]on[/i] the details view. Not even as bad as leaving your card out on a table at a restaurant. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />



    It would be a nice feature if it is possible to do well and conveniently.
  • benfdc
    benfdc Perspective Giving Member
    I just found the "reveal password" button in the browser extension. It's labeled "Edit." <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/skype_wink.png' class='bbc_emoticon' alt=':wink:' /> Is that also the only "temporary reveal" method for 1P/Win?



    Regarding obscuring account numbers, I would make a few points.[list]

    [*]My request concerned bank account numbers as well as credit and debit card numbers.

    [*]We are used to seeing the leading digits of these account numbers obscured on credit card and ATM receipts and when engaged in online banking, shopping, etc. Seeing the full account numbers displayed onscreen in 1Password [i][b]feels[/b][/i] insecure by comparison. As thightower's postscript suggests, feelings count for something, and oughtn't be lightly dismissed.

    [*]I'm not sure what the trade-offs are in this context. Why [i]wouldn't[/i] you want to partially obscure account numbers by default? You fully obscure SSNs!

    [/list]

    Also, given that you can often identify the type of credit card from the first digit, why does 1Password not flash a warning of some sort if the stated card type conflicts with the card number?



    Ranging further off-topic (this is the lounge, after all), I've often wondered why 1Password includes exotic card types like VISA Electron and MasterCard Maestro (neither of which is issued in the US or Canada) but not more common varieties like VISA Debit, Debit MasterCard, or even a generic Store Card. It now occurs to me that the card type field is used for online shopping, and there's no functional difference between, say, a VISA card and a VISA Debit card in that context. Nonetheless, I'd like to see VISA Debit, Debit MasterCard, and Store Card available on the pick list when I enter a new card.
  • khad
    khad Social Choreographer
    You can reveal password in 1Password for Windows by holding down CTRL+R (to [u][b]r[/b][/u]eveal) — same as Option in 1Password for Mac. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />



    [quote]As thightower's postscript suggests, feelings count for something, and oughtn't be lightly dismissed.[/quote]

    Wholeheartedly agree. We are certainly taking this under advisement.



    You're right about there not being a difference between a credit card and a debit card on the same network. Visa is Visa. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />



    I don't think the card "type" (network) is the place to try to differentiate, though. I use "debit" in the title if it is a distinction I need to care about for some reason since the title is completely freeform and allows me to use my own nomenclature without messing with things that could affect form filling.



    "Bank of America Debit" — type: Visa

    "Chase Debit" — type: MasterCard

    "Capital One Cash Rewards" — type: MasterCard



    But you'll have to do what works best for you. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />
  • benfdc
    benfdc Perspective Giving Member
    Khad—



    Thanks for clueing me in on ⌃R in 1P/Win.



    I use Debit where appropriate in my card titles, but I include the brand (Visa, MC, etc.) as well, because the card type in the pick list, while reflected in the shelf icon, is neither searchable nor sortable.



    Anyway, I still want to rant about the current state of 1Password's Credit Card record type. Before I bore you, though, let me lead off by saying this:



    If I could add one card type to the pick list it would be Store Card. Lots of us have store cards in our wallets.



    If I could add a second card type to the pick list it would be ATM Card. I would use it to record PINs and customer service phone numbers for bank account and brokerage account cards that I rarely if ever use for making purchases.



    Now, the rant. Let's say I have three Visa cards: a credit card, a VISA Debit card that's associated with a checking account, and a prepaid card (travel, rebate, or gift card). On the 1Password Shelf they're all VISA Credit Cards.



    Now suppose I grit my teeth and change the card type of my VISA Debit card to VISA Electron, even though the card says VISA Debit. Well, now 1Password "knows" that the card is a debit card, right? So what appears on the shelf? Credit Card! The only difference is that the VISA icon has been replaced with a generic card icon.



    Now suppose I enter a Diners Club card. On the shelf it looks just like my pseudo-VISA Electron card: a Credit Card with a generic icon. But Diners Club cards aren't credit cards either. They're charge cards!



    It's now clear to me that I wouldn't be nearly so bothered if the data records were called [url="http://en.wikipedia.org/wiki/Payment_card"]Payment Cards[/url] instead of Credit Cards.



    But another thing that this points out is that there is a difference between types and brands. VISA and Target are brands. Credit cards and prepaid cards are types. Just as a VISA credit card and a VISA prepaid card (gift, travel, rebate, whatever) are different beasts, a Target credit card and a Target gift card are different beasts. Any of the four might be found in my wallet, and any would serve equally well for picking up some toothpaste at Target, but they're still different. If Agile were to take up my suggestion of adding a "Store Card" type to its Credit Card records, the type would still be overloaded, because there are really two common types of store cards: credit cards and gift cards! (Yes, I am aware that some stores have rewards cards that can do double-duty as prepaid cards. No, I do not want to talk about that right now.)



    In Bank Account records, shelf icons make it easy to distinguish between savings and checking accounts at a glance. In Credit Card records, shelf icons identify the four major brands, but blur card types. Other things being equal, I'd rather have icons that let me easily distinguish payment card types than icons that let me easily distinguish payment card brands. But I'm not much of a graphic designer—maybe there's a way to do both!



    —Ben
  • khad
    khad Social Choreographer
    [quote]If I could add one card type to the pick list it would be Store Card. Lots of us have store cards in our wallets.[/quote]

    I use "Reward Card" Wallet items for all my store cards and it works great for me.



    [quote]If I could add a second card type to the pick list it would be ATM Card. I would use it to record PINs and customer service phone numbers for bank account and brokerage account cards that I rarely if ever use for making purchases.[/quote]

    If you don't wish to see them in the browser extension you can set the Display value for them to "Never display in browser". Not sure if that's what you meant by "rarely if ever use them", but perhaps that will help. I haven't seen an ATM card in years that isn't associated with one of the large networks, so filing them as Credit Cards works perfectly for me. All Credit Card items have a field for PIN and several phone numbers.



    You're correct that "payment card" would be the more precise technical term, but I'm not sure most people would know what a "payment card" is. I hope you can understand why we chose the current nomenclature.



    I'll make sure they developers get your feedback on this. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />
  • benfdc
    benfdc Perspective Giving Member
    edited July 2012
    So to store my Visa Debit card I should use File > New Item > New Wallet Item… > Credit Card, but to store my Sears credit card I should use File > New Item > New Wallet Item… > Reward Program.



    What a crazy world. No wonder people are giving up and "storing" their debit cards on Twitter. Nobody can figure out where to put them in 1Password!!!



    Have a great weekend.



    —Ben



    p.s. "Never Display in Browser" is a very good suggestion. Thanks!

Leave a Comment

Rich Text Editor. To edit a paragraph's style, hit tab to get to the paragraph menu. From there you will be able to pick one style. Nothing defaults to paragraph. An inline formatting menu will show up when you select text. Hit tab to get into that menu. Some elements, such as rich link embeds, images, loading indicators, and error messages may get inserted into the editor. You may navigate to these using the arrow keys inside of the editor and delete them with the delete or backspace key.