Since the update, I've spent the majority of the day updating zillions of passwords. As other users have mentioned, bulk updates would be amazing, but I can't imagine how complex that would be. Even trying to "open and fill" is frequently wrong because 1password has saved the webpage as the new user registration page instead of a true login. Small pain for the amazing product you have.
I would recommend one thing very highly. Please give the user some information why there is a vulnerability. I've noted some of them are marked from previous large user/pass dumps that are available. If the user knows this, she will know to never use that user/pass combo again. If the user is unaware, they may rotate to another common user/pass that has also been released.
We've made some improvements to the new user signup form end of the spectrum in the latest beta version of our extension. You can install the beta by visiting the page below:
Make sure you click "Enable Betas" below the Download button before installing. This should improve things quite a bit in most cases. If you run into any sites with issues please email us with the URL so we can test (support at agile bits . com). If we don't know about the site having problems we can't fix it.
If you're viewing a login that has a known vulnerability, you see a red bar at the top that says:
"Vulnerability Alert - Change Password..."
If you click this, it shows a popover, that popover displays a bit more detail with a "Learn More" link. That sends you to the Watchtower site with a lot more detail about why and what to do next.
I suppose we could be better here and tag it differently saying it was part of heartbleed, but not all vulnerabilities will have such a memorable name (CVE-2014-0160 is hardly memorable, agreed?)
Does that explain things a little more?
Please let me know if you have any trouble with the beta extension, too.
Since the update, I've spent the majority of the day updating zillions of passwords. As other users have mentioned, bulk updates would be amazing, but I can't imagine how complex that would be. Even trying to "open and fill" is frequently wrong because 1password has saved the webpage as the new user registration page instead of a true login. Small pain for the amazing product you have.
I would recommend one thing very highly. Please give the user some information why there is a vulnerability. I've noted some of them are marked from previous large user/pass dumps that are available. If the user knows this, she will know to never use that user/pass combo again. If the user is unaware, they may rotate to another common user/pass that has also been released.
Thanks for considering my thoughts...