1Password's Insights tool to help admins monitor users' security practices
Find the clown who chose 'password' as a password and make things right
1Password, the Toronto-based maker of the identically named password manager, is adding a security analysis and advice tool called Insights from 1Password to its business-oriented product.
Available to 1Password Business customers, Insights takes the form of a menu addition to the right-hand column of the application window. Clicking on the "Insights" option presents a dashboard for checking on data breaches, password health, and team usage of 1Password throughout an organization.
"We designed Insights from 1Password to give IT and security admins broader visibility into potential security risks so businesses improve their understanding of the threats posed by employee behavior, and have clear steps to mitigate those issues," said Jeff Shiner, CEO of 1Password, in a statement.
1Password has positioned its tool as a defense against "Shadow IT" – IT systems used without administrative approval or in contravention of policies – and weak passwords.
Shadow IT has been a subject of concern for years and has taken on a new dimension with the rise in remote working. 1Password, citing its own State of Access report "The Burnout Breach," claims that 20 percent of burned-out workers feel their companies' security policies "aren't worth the hassle" and almost half (48 percent) of burned-out workers use unapproved software.
The October 2021 survey of 2,500 North American adults who work full time, primarily at a computer, doesn't define criteria for being "burned out." Rather it's a self-designated category in which 84 percent of security professionals and 80 percent of office workers place themselves.
- Popular password manager LastPass to be spun out from LogMeIn
- 1Password unsheathes Rusty key, hopes to unlock Linux Desktop world
- 1Password has none, KeePass has none... So why are there seven embedded trackers in the LastPass Android app?
- Microsoft warns against SMS, voice calls for multi-factor authentication: Try something that can't be SIM swapped
Insights was created to give IT admins a way to address the "can't be bothered about security" attitude that shows up in the 1Password survey. This is not to be confused with the "can't be bothered to invest in security" attitude evident at many companies.
The breach check capability identifies team members whose email addresses or passwords have surfaced in known breaches. This works for employees whether or not they're using 1Password and includes a way to alert employees to breaches with a single click.
The password health review finds those who insist on using weak passwords or somehow just don't know any better. This is similar to the Watchtower report available to users of the standard version of 1Password.
And the team usage section tells admins which employees have not logged into 1Password or a Private Vault lately – which conceivably could be a sign of people using unapproved IT services instead.
Password managers are widely recommended by security professionals to counterbalance the generally poor password practices most people have, not to mention the difficulty of managing unique passwords for every internet service login – you're not reusing passwords, are you?
But password managers have security issues, so using one doesn't absolve you of the need to be vigilant. 1Password at least audits its software. BitWarden is also well regarded.
In any event, the capabilities of Insights could prove useful to IT admins, though these may prove to be short term fixes if the push to get rid of passwords continues to accelerate.
The death of the password was foretold by Microsoft chairman Bill Gates in 2004. Though the password has lingered longer than expected, there's now a viable alternative.
In May, Apple, Google, and Microsoft joined together "to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium." 1Password joined as well this month.
Then earlier this month, at its Worldwide Developer Conference, Apple followed up on its password-eradication plan with word of Passkeys, a passwordless login mechanism based on a public key cryptography-based standard called Web Authentication or, for vowel-minimalists, WebAuthn.
You may have 1Password now, but some day, in theory, you won't have any. ®