This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Finding duplicate passwords

Scah
Scah Junior Member
<div class="IPBDescription">Is it possible to search for a certain password?</div>Hi All,



With the hack on PSN (playstation network) etc all over the press, I finally think I should get off my butt and pro-actively change the common password(s) I have on a few of my really old, pre 1password websites.



To help with this, i'd really like to be able to search for all the Logins that use a particular password. Or even group all Logins with the same password together (not just strength of the password). If they were identifiable in some easy way then I could start manually changing them. I'm not sure exactly how many logins I have in 1Password but they are in the order of 100's and I don;t want to go through them manually.



Unfortunately some of the passwords I used to use before 1password that are used in a few places are not considered weak by the strength indicator so I cannot just sort on that and change the red ones <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/wink.gif' class='bbc_emoticon' alt=';)' />



Any help, tips etc appreciated!



Thanks.

Comments

  • [quote name='Scah' timestamp='1303885290' post='25723']



    To help with this, i'd really like to be able to search for all the Logins that use a particular password. Or even group all Logins with the same password together (not just strength of the password). If they were identifiable in some easy way then I could start manually changing them. I'm not sure exactly how many logins I have in 1Password but they are in the order of 100's and I don;t want to go through them manually.



    Thanks.

    [/quote]



    You could create a smart folder and select the Password field and then "contains" and then specify the password you are looking for. All the logins using that password will then be grouped together.

    Unfortunately you still have to manually create the smart foldersr so you cannot group automatically all logins by PW, but for emergencies like this one (I'm in the same boat, with the PSN nightmare) this workaround is ok for me.

    [attachment=639:Screen shot 2011-04-27 at 09.00.20.png]
  • Thanks for posting this, Cello!



    This is exactly what we'd recommend for now, and in fact we posted a blog article on exactly how to do this after the Gawker incident a few months ago:



    http://blog.agile.ws/2011/01/easily-find-duplicate-passwords-in-your-logins/



    Hope that helps,





    [quote name='Cello' timestamp='1303887750' post='25724']

    You could create a smart folder and select the Password field and then "contains" and then specify the password you are looking for. All the logins using that password will then be grouped together.

    Unfortunately you still have to manually create the smart foldersr so you cannot group automatically all logins by PW, but for emergencies like this one (I'm in the same boat, with the PSN nightmare) this workaround is ok for me.

    [attachment=639:Screen shot 2011-04-27 at 09.00.20.png]

    [/quote]
  • Scah
    Scah Junior Member
    Thanks guys. Fantastic result.



    Cheers! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/biggrin.gif' class='bbc_emoticon' alt=':D' />
  • I hear from Sony that my PSN account is one of the 77 million most likely hacked last week. Unfortenately, before starting using 1password I used the same password as my PSN password on other sites. Now I need to change this on a lot of sites. To speed up the process, I wonder if there is any way to search in 1password for this specific password?



    I tried searching for it but none showed up.
  • brenty
    edited April 2011
    Hiya, viking!



    First, i would like to welcome you to the forums! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/biggrin.gif' class='bbc_emoticon' alt=':D' />



    Second, I would like to take this opportunity to say just how awesome Mike is for preparing a blog post (with a screenshot, even!) to answer your question -- so that I can just copy liberally from it! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/wink.gif' class='bbc_emoticon' alt=';)' />



    [quote name='Mike']

    The best way to do this is to first know the password you’re looking for, enter it into the search field of 1Password and press the enter key. You’ll get a bar that drops down to let you set the parameters for the search. For the duplicate passwords, set it to search everywhere and in the password fields only.

    [img]http://cdn.agile.ws/mike/tm_1Pm_Find_Duplicate_Passwords.png[/img]

    [/quote]



    Finally, I would like to rant about Sony. Okay, maybe not...but I was just talking with a few friends today about just how irresponsible it was that they waited so long to even acknowledge the breach, much less that customer data was compromised. My wish is that others learn from Sony's mistakes, both regarding security and disclosure, so that we see less of this in the future.



    Yeah, and if wishes were horses, we'd all be having steak. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/dry.gif' class='bbc_emoticon' alt='<_<' />



    Anyway, I love Mike. I hope that answers your question and you can start updating those passwords! And hopefully you and others don't suffer any ill effects on Sony's account. At the very least, though, it's a wakeup call for all of us to make sure we use strong, unique passwords. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/mellow.gif' class='bbc_emoticon' alt=':mellow:' />



    (Silly me! I've merged these topics now. I overlooked them initially.)



    [quote name='viking' timestamp='1303974141' post='25802']

    I hear from Sony that my PSN account is one of the 77 million most likely hacked last week. Unfortenately, before starting using 1password I used the same password as my PSN password on other sites. Now I need to change this on a lot of sites. To speed up the process, I wonder if there is any way to search in 1password for this specific password?



    I tried searching for it but none showed up.

    [/quote]
  • sam1am
    sam1am Junior Member
    With massive f#&^-ups like Sony allowed to exist on this planet, there periodically comes the time when you have to go through and change all of your passwords. 1password handily provides a way to search for all accounts with a given password, but editing all of them can be a pain (especially when you're adopting the policy of making them all different).



    I'm imaging some sort of spreadsheet view editor. Name, URL, and a new generated password for each site that matches the password that was compromised because someone didn't think it was worth the trouble to hash the passwords in their database.



    I know this sort of thing is outside the scope of 1password, but I thought it might be a worthy addition given that it could greatly increase the ease of adopting better security practices.
  • khad
    khad Social Choreographer
    Hey sam1am,



    I have merged your post with the appropriate thread. Please see above for some additional tips and tricks. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



    Unfortunately, there is no automated way to change passwords on a variety of sites. There is no "password change" standard which 1Password can just hook into. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_worried.png' class='bbc_emoticon' alt=':S' /> On a technical level, I don't know of any way to fully automate [url="http://help.agile.ws/1Password3/change_password.html"]the process of updating a password[/url] but 1Password is about as close as possible given the current state of things:



    [list=1]



    [*]Log into the site — [url="http://help.agile.ws/1Password3/3min_password_manager.html#login_quickly_and_securely_with_1password"]1Password has you covered[/url]

    [*]Visit the sites "change password" page — human required, no way to find automatically <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_sadsmile.png' class='bbc_emoticon' alt=':-(' />

    [*]Generate a new password — [url="http://help.agile.ws/1Password3/3min_pass_gen.html"]1Password has you covered again[/url]

    [*]Save to 1Password — you do have to click a button <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />

    [/list]

    I hope that helps. Please let me know.



    Cheers!
  • jasonmccsmith
    jasonmccsmith Junior Member
    While the searching for a specific password is a great workaround for now when things hit the fan, I'd like to see something a bit more like Address Book or iTunes' "Show Duplicates" feature, and let it find all instances where I was lazy, *before* I run into trouble.



    An ounce of prevention, and all that. With several hundred entries in 1Password now, I can't live without it... but with several hundred entries in 1Password, I *KNOW* I haven't always observed safe account creation practices, and I'd like an assist in cleaning up behind myself.



    Optimally, when putting a new password in, it would be able to say "Woah cowboy, you already used this password on site X. You sure you want to do this?", with the obligatory "Don't show me this dialog again" and preference toggle.



    But I'd be over the moon thrilled with the "Show Duplicate Passwords" feature.
  • [quote name='brenty' timestamp='1303982809' post='25809']

    I would like to take this opportunity to say just how awesome Mike is for preparing a blog post (with a screenshot, even!) to answer your question[/quote]

    And there it is:



    [url=http://blog.agile.ws/2011/04/tips-how-to-find-duplicate-passwords/]Tips: How to Find Duplicate Passwords | Agile Blog[/url]



    … with a few followup comments that dovetail with the discussion here, e.g. Peter suggests:



    [i]I think 1Password should ship by default with smart folders that show the weak passwords[/i]



    Seems like a good idea, at least for [b]Help > Tools > Import Sample Data File[/b] to do.
  • khad
    khad Social Choreographer
    edited May 2011
    Thanks for adding that link to the thread, sjk!



    I would also draw your attention to [url="http://forum.agile.ws/index.php?/topic/4435-wish-warn-about-non-secure-signup-login-ie-not-https/page__view__findpost__p__25579"]a similar discussion in another thread[/url]. That post (and the following discussion) sound like exactly what you are mentioning. I'd love to get your further opinion.



    Jason, we are considering options very similar to what you describe. I can't promise anything, but this sort of thing is being discussed. Thanks for bringing it up!