This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.
Finding identical passwords in 1Password?
Is there a way in 1Password to show all sites using the same password?
If not, can I suggest it as a feature? It'd be very useful as part of the process of rectifying one's past practices of using just two or three passwords across all sites.
I have reset my password at many sites, but it's hard to know which of the sites in the hundreds of logins I have stored in 1Password are still using identical passwords.
If not, can I suggest it as a feature? It'd be very useful as part of the process of rectifying one's past practices of using just two or three passwords across all sites.
I have reset my password at many sites, but it's hard to know which of the sites in the hundreds of logins I have stored in 1Password are still using identical passwords.
Flag
0
Comments
-
I don't believe so, and it seems like this would not be possible with the way the 1Password keychain was designed. To be more secure, Unlocking the Vault with your Master Password does not decrypt all of the data wholesale; decryption of login items is à la carte, and is only performed when a particular item is accessed. Only the data that is left "in the clear" -- fully unencrypted -- is able to be indexed in a way that would facilitate that kind of search.
The [i][b]Unlocked vaults or unlocked boxes[/b][/i] section of [url="http://help.agile.ws/1Password3/cloud_storage_security.html"][b]Security of storing 1Password data in the Cloud[/b][/url] has a much more detailed explanation of how this all works than I could give.
I would suggest sorting your login items by password strength and using that as a starting point to update some of them. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />Flag 0 -
[quote]I would suggest sorting your login items by password strength and using that as a starting point to update some of them. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />
[/quote]
That's pretty much what we recommend.
It is also possible to search on passwords; so if you had an old favorite that you used, you can search for instances of that password. Don't expect to clean up many years of bad passwords at one sitting. But when you've got a small chunk of time and you're listening to some tunes, you can to a batch of them.
Brenty, I know that you will be asking how the search on password jives with what is explained in http://help.agile.ws/1Password3/cloud_storage_security.html so here goes:
Every time you ask 1Password to fill a web form, it needs to do its search on Location (the stuff out side of each box) and report that information. This happens frequently in day to day operation and needs to be done quickly. When people set up a specific search on something like the password (or any encrypted data) that is rare, and it is fine if there is a delay on the order of a sizable fraction of a second.
This is similar to entering your master password. That is done a couple times a day, and a wait of a sizable fraction of a second is fine during those user interactions, but the much more frequent decryption of specific items needs to be done swiftly.
This may seem counter-intuitive, but the things that 1Password has to do all the time behind the scenes need to be done very quickly, while the things that involve user input can be done more slowly.Flag 0 -
[quote name='jpgoldberg' timestamp='1292306901' post='17529']
It is also possible to search on passwords; so if you had an old favorite that you used, you can search for instances of that password.
...
Every time you ask 1Password to fill a web form, it needs to do its search on Location (the stuff out side of each box) and report that information. This happens frequently in day to day operation and needs to be done quickly. When people set up a specific search on something like the password (or any encrypted data) that is rare, and it is fine if there is a delay on the order of a sizable fraction of a second.
This is similar to entering your master password. That is done a couple times a day, and a wait of a sizable fraction of a second is fine during those user interactions, but the much more frequent decryption of specific items needs to be done swiftly.
This may seem counter-intuitive, but the things that 1Password has to do all the time behind the scenes need to be done very quickly, while the things that involve user input can be done more slowly.
[/quote]
Wow. That was very startling until I slowed down and took the time to consider it fully.
Just to clarify, when doing a search within passwords, is each one being decrypted, read, and then removed from memory again after an interval? This seems frightening initially, but it seems to me that having to know a specific string to search for would more secure than sorting and displaying all of them. Also, all of this can be done only [i]after[/i] authenticating with your Master Password. At that point, all of the data in 1Password is available on demand anyway.
But even knowing that, the idea of searching password text makes me cringe... Almost like bungie jumping: I [i]know[/i] that the cord will stop me from plummeting to my death, but I still have a visceral aversion to jumping off the bridge.
Thank you for anticipating my concerns. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/wink.gif' class='bbc_emoticon' alt=';)' />Flag 0