This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.
"See my debit card"
jpgoldberg
Agile Customer Care
This discussion is for follow-up discussion of the blog post, [url="http://blog.agilebits.com/2012/07/03/check-out-my-debit-card-or-why-people-make-bad-security-choices/"]Check out my debit card[/url].
Cheers,
-j
Comments
Hi,
Great question. In the menubar you can go to [i]View > Conceal Passwords[/i]. If it's unchecked, then they are displayed within the 1Password application.
Cheers,
-j
I'm glad to help.
Cheers,
-j
This seems as good a place as any to reiterate a longstanding request—that 1Password, by default, obscure the leading digits of stuff like credit and debit card, bank account, and brokerage account numbers.
Also to ask whether there is an equivalent of the "option-key" temporary reveal trick for the browser extensions, or for 1P on platforms other than OS X.
Noted, Ben.
Keep in mind that the first four digits are highly predictable (they indicate the type of card and a few other things), and some of the other digits are check digits, so obscuring those provides little additional security.
I don't foresee implementing your suggestion, but if we do these are some of the things that would need to be considered.
Cheers,
-j
[quote name='jpgoldberg' timestamp='1342132831' post='60748']
Keep in mind that the first four digits are highly predictable (they indicate the type of card and a few other things), and some of the other digits are check digits, so obscuring those provides little additional security.
[/quote]
Very, very interesting. I didn't know that. Thanks for taking the time to post it, Jeff.
I was about to say I would like it also, till I read that.
Edit: BIG whoops, I thought you were talking about the last 4 digits. I know some about the last four but clearly not as much as our Defender.
P.S. I still vote for it even if it's just to fix my OCD to have them hidden.
Yep. Wikipedia has a [url="http://en.wikipedia.org/wiki/List_of_Issuer_Identification_Numbers"]List of Issuer Identification Numbers[/url] which includes anywhere from the first [b]four[/b] to the first [b]seven[/b] digits of pretty much every type of card.
I'm not sure that it is possible to do the "hold down Option to reveal" trick in the browsers since their APIs are very different from the main application, but this is something we'll look into. It would be much more frustrating to conceal them without a convenient way to reveal them. Currently they are tucked away [i]behind[/i] the master password [i]inside[/i] the extension [i]on[/i] the details view. Not even as bad as leaving your card out on a table at a restaurant. :)
It would be a nice feature if it is possible to do well and conveniently.
I just found the "reveal password" button in the browser extension. It's labeled "Edit." ;) Is that also the only "temporary reveal" method for 1P/Win?
Regarding obscuring account numbers, I would make a few points.[list]
[*]My request concerned bank account numbers as well as credit and debit card numbers.
[*]We are used to seeing the leading digits of these account numbers obscured on credit card and ATM receipts and when engaged in online banking, shopping, etc. Seeing the full account numbers displayed onscreen in 1Password [i][b]feels[/b][/i] insecure by comparison. As thightower's postscript suggests, feelings count for something, and oughtn't be lightly dismissed.
[*]I'm not sure what the trade-offs are in this context. Why [i]wouldn't[/i] you want to partially obscure account numbers by default? You fully obscure SSNs!
[/list]
Also, given that you can often identify the type of credit card from the first digit, why does 1Password not flash a warning of some sort if the stated card type conflicts with the card number?
Ranging further off-topic (this is the lounge, after all), I've often wondered why 1Password includes exotic card types like VISA Electron and MasterCard Maestro (neither of which is issued in the US or Canada) but not more common varieties like VISA Debit, Debit MasterCard, or even a generic Store Card. It now occurs to me that the card type field is used for online shopping, and there's no functional difference between, say, a VISA card and a VISA Debit card in that context. Nonetheless, I'd like to see VISA Debit, Debit MasterCard, and Store Card available on the pick list when I enter a new card.
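An added example, not part of the original thread and not AgileBits code: one way a card-entry form could raise the type-mismatch warning asked about above, and also catch typos through the Luhn check digit. The function names and the three-brand prefix table are assumptions made for this sketch, and the sample numbers are widely published test numbers, not real accounts.

```python
import re

# Leading-digit (IIN) ranges for three brands; a deliberately small subset.
IIN_RULES = [
    ("Visa", lambda n: n[0] == "4"),
    ("MasterCard", lambda n: 51 <= int(n[:2]) <= 55 or 2221 <= int(n[:4]) <= 2720),
    ("American Express", lambda n: n[:2] in ("34", "37")),
]

def luhn_ok(number):
    """True if the final digit is the correct Luhn check digit."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def detect_brand(number):
    """Brand implied by the leading digits, or None if not in IIN_RULES."""
    for brand, rule in IIN_RULES:
        if rule(number):
            return brand
    return None

def card_warnings(stated_type, raw_number):
    """Return warnings a card-entry form could show for this record."""
    number = re.sub(r"[ -]", "", raw_number)
    if not re.fullmatch(r"[0-9]{12,19}", number):
        return ["card number should be 12 to 19 digits"]
    warnings = []
    brand = detect_brand(number)
    if brand and brand.lower() != stated_type.strip().lower():
        warnings.append(f"number looks like {brand}, but type is set to {stated_type}")
    if not luhn_ok(number):
        warnings.append("check digit does not match; possible typo")
    return warnings

# Widely published test numbers, not real accounts.
if __name__ == "__main__":
    for stated, num in [("Visa", "4111 1111 1111 1111"),
                        ("MasterCard", "4111 1111 1111 1111"),
                        ("Visa", "4111 1111 1111 1112")]:
        print(stated, num, card_warnings(stated, num))
```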
You can reveal passwords in 1Password for Windows by holding down CTRL+R (to [u][b]r[/b][/u]eveal) — same as Option in 1Password for Mac. :)
[quote]As thightower's postscript suggests, feelings count for something, and oughtn't be lightly dismissed.[/quote]
Wholeheartedly agree. We are certainly taking this under advisement.
You're right about there not being a difference between a credit card and a debit card on the same network. Visa is Visa. :)
I don't think the card "type" (network) is the place to try to differentiate, though. I use "debit" in the title if it is a distinction I need to care about for some reason since the title is completely freeform and allows me to use my own nomenclature without messing with things that could affect form filling.
"Bank of America Debit" — type: Visa
"Chase Debit" — type: MasterCard
"Capital One Cash Rewards" — type: MasterCard
But you'll have to do what works best for you. :)
Khad—
Thanks for clueing me in on ⌃R in 1P/Win.
I use Debit where appropriate in my card titles, but I include the brand (Visa, MC, etc.) as well, because the card type in the pick list, while reflected in the shelf icon, is neither searchable nor sortable.
Anyway, I still want to rant about the current state of 1Password's Credit Card record type. Before I bore you, though, let me lead off by saying this:
If I could add one card type to the pick list it would be Store Card. Lots of us have store cards in our wallets.
If I could add a second card type to the pick list it would be ATM Card. I would use it to record PINs and customer service phone numbers for bank account and brokerage account cards that I rarely if ever use for making purchases.
Now, the rant. Let's say I have three Visa cards: a credit card, a VISA Debit card that's associated with a checking account, and a prepaid card (travel, rebate, or gift card). On the 1Password Shelf they're all VISA Credit Cards.
Now suppose I grit my teeth and change the card type of my VISA Debit card to VISA Electron, even though the card says VISA Debit. Well, now 1Password "knows" that the card is a debit card, right? So what appears on the shelf? Credit Card! The only difference is that the VISA icon has been replaced with a generic card icon.
Now suppose I enter a Diners Club card. On the shelf it looks just like my pseudo-VISA Electron card: a Credit Card with a generic icon. But Diners Club cards aren't credit cards either. They're charge cards!
It's now clear to me that I wouldn't be nearly so bothered if the data records were called [url="http://en.wikipedia.org/wiki/Payment_card"]Payment Cards[/url] instead of Credit Cards.
But another thing that this points out is that there is a difference between types and brands. VISA and Target are brands. Credit cards and prepaid cards are types. Just as a VISA credit card and a VISA prepaid card (gift, travel, rebate, whatever) are different beasts, a Target credit card and a Target gift card are different beasts. Any of the four might be found in my wallet, and any would serve equally well for picking up some toothpaste at Target, but they're still different. If Agile were to take up my suggestion of adding a "Store Card" type to its Credit Card records, the type would still be overloaded, because there are really two common types of store cards: credit cards and gift cards! (Yes, I am aware that some stores have rewards cards that can do double-duty as prepaid cards. No, I do not want to talk about that right now.)
In Bank Account records, shelf icons make it easy to distinguish between savings and checking accounts at a glance. In Credit Card records, shelf icons identify the four major brands, but blur card types. Other things being equal, I'd rather have icons that let me easily distinguish payment card types than icons that let me easily distinguish payment card brands. But I'm not much of a graphic designer—maybe there's a way to do both!
—Ben
[quote]If I could add one card type to the pick list it would be Store Card. Lots of us have store cards in our wallets.[/quote]
I use "Reward Card" Wallet items for all my store cards and it works great for me.
[quote]If I could add a second card type to the pick list it would be ATM Card. I would use it to record PINs and customer service phone numbers for bank account and brokerage account cards that I rarely if ever use for making purchases.[/quote]
If you don't wish to see them in the browser extension you can set the Display value for them to "Never display in browser". Not sure if that's what you meant by "rarely if ever use them", but perhaps that will help. I haven't seen an ATM card in years that isn't associated with one of the large networks, so filing them as Credit Cards works perfectly for me. All Credit Card items have a field for PIN and several phone numbers.
You're correct that "payment card" would be the more precise technical term, but I'm not sure most people would know what a "payment card" is. I hope you can understand why we chose the current nomenclature.
I'll make sure the developers get your feedback on this. :)
So to store my Visa Debit card I should use File > New Item > New Wallet Item… > Credit Card, but to store my Sears credit card I should use File > New Item > New Wallet Item… > Reward Program.
What a crazy world. No wonder people are giving up and "storing" their debit cards on Twitter. Nobody can figure out where to put them in 1Password!!!
Have a great weekend.
—Ben
p.s. "Never Display in Browser" is a very good suggestion. Thanks!