Safety Dashboard improvements to reduce counts

I've just started to look at the Beta Safety Dashboard and three items create work for me:

- I've got a number of web destinations that use single sign-on or other security federation, but have mixed domain names. So I need some way to indicate to Identify Safe that I have a cluster of related URLs that all legitimately use the same userid/password combination. (It would be even better if I could just indicate a password change to the group level, rather than having to manually change all the related URLs in Identity Safe after I've updated the password on one of the websites).

- Some of my passwords are "weak" because the userid/password combinations may be shared with Android phone applications that have been resistant to accepting special characters in the password field. So to smooth things over, I've been forced to use mixed case and numerals. This was an older Android version, which I've just replaced with a new device and a higher Android level (8.1). But I'd still like to see a way to flag both that the password is shared with another device (which is going to have to be manually entered on that device), and a way to indicate that the password level has been reviewed and accepted so it doesn't keep showing up again, since I'm really stuck with it.

- I've got some old passwords because I've got some really old sign-on accounts that are probably dead. But I'm hesitant to delete them. Expanding the Archive to accept not just the last password, but the entire logon entry would go a long way towards focusing on keeping clean the stuff I'm actually using. An automatic process that archived entries you had not used in …. well, you get the picture.

Good luck!    

I question whether an old password is a risk if it is associated with a logon that is seldom used.  I have several "old" links that I rarely access,

Those are particularly enticing to hackers, because you are not likely to check up on those web sites. Depending on what kind of sites these are, the hackers may be able to learn more about you to help them with their identity theft agenda.

There is no risk as far as I am concerned.

As always, it is your call on how comfortable you are with what you have done to secure your own system and information.

 

 

I question whether an old password is a risk if it is associated with a logon that is seldom used.  I have several "old" links that I rarely access, so I do not want to go into each link and update the password simply to improve my Safety Dashboard score.  If someone is tracking my activities, it will be many months (or years) before they will see activity on those older websites.  There is no risk as far as I am concerned.

Grouping similar URLs would be a big help.  And perhaps a "acknowledge and accept risk" checkbox to not be notified again for a particular password.  That way you could show all accepted risks and deal with them when available, maybe occasionally prompred to review these and fix any that can be fixed, but to not affect the overall score or raise alerts unnecessarily.

 

I like the idea of "archiving" entries - notes, passwords, etc. - so they can be brought back later if needed, or permanently deleted if not.  So again, if a password is old or weak, you're not distracted by it when it is a known issue.