This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.
audit of passwords - in response to gawker hack
Lifehacker put out an article for a password keeper to help audit your passwords.
http://jalopnik.com/5712958/use-lastpass-to-audit-and-update-your-passwords
1) "If you give LastPass permission to run through your passwords, the app can run a "security challenge" and show you which passwords are decent, which are pretty much asking to be hacked, and provide direct links to where you can fix them."
2) "LastPass will now scan all your saved passwords in a few seconds. When it's complete, you'll see a report detailing all your analyzed sites, sorted by duplicate passwords."
Do these features exist in 1password? If so can you point me to some documentation on them? Of course I searched for terms like audit but came up empty.
Thanks!
http://jalopnik.com/5712958/use-lastpass-to-audit-and-update-your-passwords
1) "If you give LastPass permission to run through your passwords, the app can run a "security challenge" and show you which passwords are decent, which are pretty much asking to be hacked, and provide direct links to where you can fix them."
2) "LastPass will now scan all your saved passwords in a few seconds. When it's complete, you'll see a report detailing all your analyzed sites, sorted by duplicate passwords."
Do these features exist in 1password? If so can you point me to some documentation on them? Of course I searched for terms like audit but came up empty.
Thanks!
Flag
0
Comments
-
At the moment, 1Password doesn't feature an 'Audit' option to scan your passwords, however you can use the search option within 1Password to search for any items that use the same password. Just enter the password in question and make sure that you've selected 'Password' from the right-hand set of options.
We have had a few requests for a better way to do a password security scan within 1Password, and this is certainly something we're looking into for the future.
Hope that helps,
[quote name='宋艾伦' timestamp='1292260318' post='17470']
Lifehacker put out an article for a password keeper to help audit your passwords.
http://jalopnik.com/5712958/use-lastpass-to-audit-and-update-your-passwords
1) "If you give LastPass permission to run through your passwords, the app can run a "security challenge" and show you which passwords are decent, which are pretty much asking to be hacked, and provide direct links to where you can fix them."
2) "LastPass will now scan all your saved passwords in a few seconds. When it's complete, you'll see a report detailing all your analyzed sites, sorted by duplicate passwords."
Do these features exist in 1password? If so can you point me to some documentation on them? Of course I searched for terms like audit but came up empty.
Thanks!
[/quote]Flag 0 -
It does help thanks, that is a passable solution for the time being.
I know you guys have been focusing on adding support for more platforms, browsers and such. However it seems like some strong competition is coming up in the market with some strong feature sets around proactive security measures. If you reswizzled this search feature you could all the sudden market it as a proactive security measure. Maybe something for reactive security like, 'select the account you know was compromised and we'll identify any other accounts we think are at risk', maybe by similar passwords or similar usernames.Flag 0 -
Thanks for your additional ideas! Using the technique that Stu outlined, you can search for any items with a password containing the search string. That way if you had a compromise of your "xyzzy" password, but might have also used "xyzzy2" on another site just enter "xyzzy" (without the quotes) and have 1Password search your passwords — it will list them all. You can do the same thing for Usernames. 1Password does it now! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/cool.gif' class='bbc_emoticon' alt='B)' />
Oh, and welcome to the forums too!Flag 0 -
[quote name='stu' timestamp='1292262818' post='17472']
At the moment, 1Password doesn't feature an 'Audit' option to scan your passwords, however you can use the search option within 1Password to search for any items that use the same password. Just enter the password in question and make sure that you've selected 'Password' from the right-hand set of options.
We have had a few requests for a better way to do a password security scan within 1Password, and this is certainly something we're looking into for the future.
Hope that helps,
[/quote]
I don't see a "right-hand set of options" when I use the search box. Is there a different search function I've missed? {also new to the forum, so -sorry if this is elsewhere.}
JGBFlag 0 -
[quote name='JGBrown' timestamp='1292371925' post='17611']
I don't see a "right-hand set of options" when I use the search box. Is there a different search function I've missed? {also new to the forum, so -sorry if this is elsewhere.}
JGB
[/quote]
Welcome to the forums, JG!
I'm sorry for any confusion. The "right-hand side" is of the main 1Password application window, and just below the Search field. Please take a look at this screenshot, where I have chosen to search for a string of "testing" in all the nooks and crannies that 1Password has to offer.
[indent][img]http://cdn.agile.ws/marty/1Password-20101214-215855.jpg[/img][/indent]
Just type in the password, username, domain name or whatever to search for. Whatever you type will be found anywhere in the fields, not just at the beginning and not just exact matches. So if you used passwords like XYZZY1, XYZZY2, 1XYZZY, 2XYZZY, etc. you can type "xyzzy" (without the quotes) and they will be found where you tell 1Password to search.
You'd never choose passwords like that, so that's just an example. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />Flag 0 -
Thanks for the info -- I came to the forum to find out how to search for my weak password leaked by gawker.Flag 0
-
[quote name='MartyS' timestamp='1292382439' post='17624']
Welcome to the forums, JG!
I'm sorry for any confusion. The "right-hand side" is of the main 1Password application window, and just below the Search field. Please take a look at this screenshot, where I have chosen to search for a string of "testing" in all the nooks and crannies that 1Password has to offer.
[indent][img]http://cdn.agile.ws/marty/1Password-20101214-215855.jpg[/img][/indent]
Just type in the password, username, domain name or whatever to search for. Whatever you type will be found anywhere in the fields, not just at the beginning and not just exact matches. So if you used passwords like XYZZY1, XYZZY2, 1XYZZY, 2XYZZY, etc. you can type "xyzzy" (without the quotes) and they will be found where you tell 1Password to search.
You'd never choose passwords like that, so that's just an example. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />
[/quote]
Found it! Thanks very much, Marty. Now to swap them out with new pwords. [way to many, I'm embarrassed to say.]
JGBFlag 0 -
[quote name='JGBrown' timestamp='1292447106' post='17678']
Found it! Thanks very much, Marty. Now to swap them out with new pwords. [way to many, I'm embarrassed to say.]
JGB
[/quote]Hi JGB,
At least with 1Password, you won't have to remember all the new passwords. It's easier to change the passwords to extra strong passwords for dozens of sites than it is to actually have to remember every single new password. I can't barely remember my cell phone number and yet, it would be a hellish for me if I have to remember even more complicated strings of characters for just ONE site.
I envy the people with perfect memory, even though it may also be a curse for them since they can't easily forget.Flag 0 -
Thanks for the suggestion. But let me add my vote that 1Password add auditing features. To reiterate what others have said above:
- Displays all duplicate passwords.
- Sort by password strength.
- Sort by password age.
[quote name='MartyS' timestamp='1292289614' post='17508']
Thanks for your additional ideas! Using the technique that Stu outlined, you can search for any items with a password containing the search string. That way if you had a compromise of your "xyzzy" password, but might have also used "xyzzy2" on another site just enter "xyzzy" (without the quotes) and have 1Password search your passwords — it will list them all. You can do the same thing for Usernames. 1Password does it now! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/cool.gif' class='bbc_emoticon' alt='B)' />
Oh, and welcome to the forums too!
[/quote]Flag 0 -
[quote name='Jared Oberhaus' timestamp='1296079664' post='19544']
Thanks for the suggestion. But let me add my vote that 1Password add auditing features. To reiterate what others have said above:
- Displays all duplicate passwords.
- Sort by password strength.
- Sort by password age.
[/quote]
I like your suggestion a lot. We'll try get something done in this area.Flag 0