1Password for the PlayStation?

Well, no. We are not providing a version of 1Password for the Sony PlayStation™ platform, but given that username and passwords for 77 million users of the PlayStation Network (PSN) have fallen into the hands of the bad guys maybe it wouldn’t be a bad idea. Maybe a game about securing passwords against the bad guys? Who knows.

PSNAnyway, a study (PDF) by Trusteer found that 73% of users share the passwords which they use for online banking, with at least one nonfinancial website. So yet again I point readers to our tips about setting up unique passwords for each site.

Even if your PSN password was unique

Many websites have password recover or password reset mechanisms. That will be the subject of another post in the future, but I mention it now because the information stolen from Sony’s PSN can be used for password resets on other sites. Here’s what Sony says was stolen:

[W]e believe that an unauthorized person has obtained the following information provided by PlayStation Network/Qriocity account holders: name, address (city, state, zip), country, email address, birth date, PlayStation Network/Qriocity password, login, and handle/PSN online ID.

They also acknowledge that credit card and billing information may also have been taken.

What you can do is take extra care to secure your email accounts, which are needed for password resets at other sites.

4 replies
  1. Kurt
    Kurt says:

    Oddly, I signed up for PSN through the browser, so my email/password were stored in 1Password. So I can at least retire that password. But I can’t remember if I was required to submit any of the information that was reportedly stolen.

    That leads me to a feature suggestion:
    If 1Password automatically stored the data from all fields when creating a new account, then we would always know what information was submitted with a particular account.

    As long as I am trusting the 1Password software to remember and secure all my login information, I would like to store the related account information as well.

    • Jeff
      Jeff says:

      Hi Kurt,

      When 1Password saves a form it will save everything that was filled in. So if it saves from a registration form, instead of just a username and password form, then you will see everything that was saved by finding the item in 1Password and clicking on the “All Fields” expansion triangle.

      If you re-save that Login, however, from just a username and password page, then 1Password will just contain the details from the login page. So you may wish to add the sort of information you wish to keep track of into Notes within each entry.

      Cheers,

      -j

  2. David
    David says:

    Hi, I’m one of the 77 Million (or however many it is) whose account has been stolen from the PSN hack. I’m also one of the many people, who, despite having 1password for years still uses duplicate passwords across sistes. It would be really useful if 1Password had either: 1) a menu option to highlight all duplicate passwords so we can identify the size of the problem and start to change our logins on sites to remove duplicates. 2) an option to immediately report if a new password we have added to 1password is a duplicate of an existing password.
    Cheers,
    David.

    • Jeff
      Jeff says:

      Hi David,

      These are some great ideas and many have come up before. At the moment the best way to find duplicates is in that link I gave: http://blog.agile.ws/2011/01/easily-find-duplicate-passwords-in-your-logins/

      There is certainly room for improvement in what we can do to further help automate that process, but I think you will find those tips helpful.

      1Password already attempts to detect whether a username and password that you give for a site is already known to it. It will not prompt you to save the new Login if it thinks that it has it. But if it is at a different domain or has a different username or password, 1Password will consider it a new Login.

      What 1Password won’t do is silently scan all of your passwords to check if that password is used elsewhere. For your security, 1Password only decrypts the smallest amount of information it needs at any one time, so routinely decrypting all of your passwords is not something we would like to do.

      Of course you can explicitly ask 1Password to decrypt your passwords for sorting and searching as described here as described in the link above.

      Cheers,

      -j

Comments are closed.