This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Feature Request: Case sensitive search

As the title says, the password search capability in 1Password appears to not be case-sensitive. I have a few passwords that are the same except for the case of one or more of the letters (I know, I know, that's why I now have 1Pwd :) ). Whichever one I search for, I get the same list in 1Pwd. Since passwords are case-sensitive most everywhere, that seems odd, and very unhelpful. I looked in Preferences in case (no pun intended) it was a setting, but I couldn't find anything.



Why is password search not case-sensitive, and please make it so.

Comments

  • khad (Social Choreographer)
    Hey vr8ce,



    I believe search is not case sensitive in an attempt to follow the principle of least astonishment (http://en.wikipedia.org/wiki/Principle_of_least_astonishment). This is the first time I am aware that this has ever come up, and I can practically guarantee that we would receive mountains of feedback if we changed this.



    "Why isn't my password coming up when I search for it?!"



    "You have to make sure you search for 'myPassword' rather than 'mypassword'."



    "What's the difference?"



    I will pass this along to the developers, but I am not sure this will be changed. Please do consider using passwords which have greater entropy, though. It seems that we receive word of yet another password reuse horror story nearly every day:

    - http://blog.agilebits.com/2011/06/codemasters-warns-gamers-of-a-security-breach-2/
    - http://blog.agilebits.com/2011/06/two-thirds-of-web-users-re-use-the-same-passwords/
    - http://blog.agilebits.com/2011/04/1password-for-the-playstation/
    - http://blog.agilebits.com/2011/04/when-websites-are-breached-1password-saves-the-day/
    - http://blog.agilebits.com/2011/02/security-firm-falls-victim-to-password-reuse/
    - http://blog.agilebits.com/2010/12/lessons-learned-from-the-gawker-hack/



    The web comic xkcd shows it best (http://blog.agilebits.com/2010/09/1118738545/), though.



    1Password is designed to allow you to have a completely unique, random password for every site you visit. Using the same password with slightly altered case is not something we want to encourage, so 1Password will treat them as "the same" in a search. This way you can use a Smart Folder (saved search essentially) to quickly see which passwords you still need to update while processing logins to secure more tightly.



    I'm sorry if I couldn't give you the answer you were looking for, but I hope you understand the reasons for 1Password's functionality in this regard.



    If we can be of further assistance, please let us know.



    We are always here to help!
  • The difference is pretty obvious — passwords are case-sensitive. And, as I already said in my original email, the whole reason I got 1Password is to help move towards "using passwords which have greater entropy" (entropy, really? Were you playing buzzword bingo in the support center and needed to get the final word for a win?), only to find that 1Password can't help me.



    Not having the ability to differentiate case means the search is useless for passwords that differ only on case. Being useless isn't a particularly good job description.



    It is not 1Password's job (or yours, either) to judge someone's past password behavior. What you should be doing is encouraging, and enabling, better behavior in the future. And, in order to do that, you should be providing the best tools for helping people do that. Thus, to provide "least astonishment," you should treat passwords as what they are — case sensitive. If you don't do it by default, then you should at least have an option to do so.



    As an aside, your links added absolutely nothing to the conversation, and were frankly insulting. I had already acknowledged in my original email that my past behavior needed to be corrected, which is why I plopped down the money for 1Password. It is completely uncalled for to rub it in your customer's face that they are yet another "horror story".
  • khad (Social Choreographer)
    edited June 2011
    My sincere apologies, vr8ce.



    I only used "entropy" in the technical sense (http://en.wikipedia.org/wiki/Password_strength#Entropy_as_a_measure_of_password_strength) — the manner in which it is used when discussing password strength. Steve Gibson does a good job of explaining it (however briefly) on his Password Haystacks page (https://www.grc.com/haystack.htm).



    Sometimes I forget that people will take my posts personally. Much of what I write in my replies to forum posts is for the benefit of other users who come across the thread via a forum or Google search down the road. While you may very well know the dangers of password reuse, not everyone does. I wanted to take the opportunity to make the point for other readers, not to wag a finger at you. That you are using 1Password and its search capabilities is a testament to your awareness in this regard. I certainly didn't mean to offend, though it would appear that I have. :-(



    Please forgive me.



    I have already passed your feature request along to the developer (and am actually advocating for it on your behalf). I just wanted to offer an explanation as to why the feature is not currently in 1Password.



    Best regards,
  • *I* know what entropy means, it's just not a word that comes up in normal conversation. And "normal conversation" is what should probably be the target of any customer service discussion. :)



    I made the mistake of posting at 4 o'clock in the morning, so I came across harsher than I intended — I apologize for the tone.



    Thanks for pleading my (and others') case. We buy 1Pwd to help us fix our problems. When it can't do that, then the odds are good we will continue with bad passwords.



    On a related note, it would be nice if 1Pwd had the ability to create a smart list of ALL duplicated passwords. Right now, we have to put in a particular password, and it shows us the logins that match. But what if we don't know which of our passwords are duped? Why can't we have a smart query (or something) that shows all of the logins for any duplicated password. IOW, if we had four logins with password X and ten logins with password Y and three logins with password Z, it would show all seventeen logins, sorted by password. Then we'd know which ones to attack first.



    Thanks again.
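
Added example, not part of the original thread and not 1Password's code: a sketch of the two behaviours discussed above, exact versus case-insensitive password search, and a report of every reused password with case-only variants grouped together. The login titles, passwords and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample vault entries: (login title, password). Not real data.
SAMPLE_LOGINS = [
    ("forum", "Tr0ub4dor"),
    ("bank", "tr0ub4dor"),
    ("mail", "Tr0ub4dor"),
    ("shop", "correct horse"),
    ("wiki", "x9!Lq2#v"),
    ("blog", "correct horse"),
    ("game", "TR0UB4DOR"),
]


def exact_matches(logins, query):
    """Case-sensitive search: only logins whose password equals the query."""
    return sorted(title for title, pw in logins if pw == query)


def caseless_matches(logins, query):
    """Case-insensitive search: case-only variants all match the query."""
    folded = query.casefold()
    return sorted(title for title, pw in logins if pw.casefold() == folded)


def reuse_report(logins):
    """Return clusters of logins whose passwords are equal ignoring case.

    Each cluster maps an exact spelling to the logins using it, so exact
    duplicates and case-only variants appear side by side. Unique passwords
    are omitted; the largest cluster comes first.
    """
    clusters = defaultdict(lambda: defaultdict(list))
    for title, pw in logins:
        clusters[pw.casefold()][pw].append(title)

    report = []
    for variants in clusters.values():
        if sum(len(titles) for titles in variants.values()) > 1:
            report.append({pw: sorted(t) for pw, t in sorted(variants.items())})
    report.sort(key=lambda c: -sum(len(t) for t in c.values()))
    return report


if __name__ == "__main__":
    for cluster in reuse_report(SAMPLE_LOGINS):
        # A real tool would list login titles only, not the passwords.
        print({f"variant {i}": t for i, t in enumerate(cluster.values(), 1)})
```
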
  • khad (Social Choreographer)
    You are most welcome, vr8ce! All is well that ends well, eh? :-)



    A "duplicate finder" (http://forum.agile.ws/index.php?/topic/2860-feature-request-find-duplicates/) is a great idea. I'll add your vote for that!



    Cheers,