Watchtower settings to ignore certain entries

hepabolu
hepabolu
Community Member

I love Watchtower and every now and then I go in to fix the vulnerabilities it reports. However, there are some entries that cannot be fixed, e.g. the duplicate password message on Facebook and Messenger. I know there are some labels that tell Watchtower to ignore a certain entry, but I can't find all of the labels together, nor can I find the posts again that mentioned them in the first place.

Does anyone know which labels Watchtower reacts to and where this is written up?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:watchtower

Comments

  • Hi @hepabolu

    We do not currently offer a way to tell Watchtower to ignore duplicate passwords. That is a situation we're looking at closely and hope to be able to offer something in that regard in the future. In the mean time, have you considered combining Facebook and Messenger into a single Login item by listing their respective URLs in separate website fields on the same item? That might help alleviate some of the trouble.

    As for your other question... the only tags I'm aware of that have interaction with Watchtower are http and 2FA. The former is for sites that do not support HTTPS/SSL and the latter is for services for which you've enabled 2FA but are not using 1Password to perform that 2FA. Using tags for these sorts of things is not ideal, and so we're hoping to build something more robust going forward that can address all of these different aspects.

    Thanks.

    Ben

  • Alexis_txt
    Alexis_txt
    Community Member

    Hey @Ben,

    I post here because my feature request is pretty close to this topic.

    In my exemple, I've done my best about all the weak passwords of my 1Password account... But some of them remains and I can't do anything about that. 😥
    I'm French and a lot of banks and administration websites won't let me have anything else other than 8 digits, for exemple, so yes, it clearly isn't a strong password.

    But an option to say to watchtower "ignore this item and don't show me any alert anymore" would be really cool, please. 🙏

    Thanks !

    Alexis

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @Alexis_txt! Welcome to the forum!

    Thank you for sharing your feedback, especially your use case! As Ben wrote, this is something we are looking at :)

  • ocaptain
    ocaptain
    Community Member

    This would be a great feature I was about to suggest - I have a bunch of logins for Hotels that I do meetings in. Their WiFi passwords are deemed "weak" but I can do nothing about that. Same when I go to a friend's house and their WiFi is "weak". If I can tell WatchTower to ignore an entry that would be great!

  • Thanks for sharing those examples with us @ocaptain. Understanding why people would like to do certain things does help us better build the "how" aspect of it. :+1:

    Ben

  • feipor
    feipor
    Community Member

    Watchtower nags about duplicating passwords ('reused'). Why not let users decide whether or not to re-use passwords?

  • @feipor

    The primary mission of 1Password is to enable you to use strong unique passwords. Password reuse is one of the biggest problems in information security today.

    Ben

  • feipor
    feipor
    Community Member

    Understand but it doesn’t hv to be so intrusive and ‘perpetual/ pervasive.

    More important to have no data breaches on 1Password’s part than for us adults (in my case a senior) to be left with no choices of how to conduct our lives - research has shown we tend to use the same passwords. Not change regularly, etc.

    Otherwise we may as well be living in a gulag.

    I’ve used 1Password for ages and never had cause for complaint; at least let us hv the choice.

  • research has shown we tend to use the same passwords.

    Yes indeed; that's exactly the problem that 1Password was founded to resolve.

    Not change regularly, etc.

    The recommendations around this have largely changed. Most experts now agree it is better to pick strong unique passwords and then only change them if you suspect they've been compromised. There is little if any benefit to routinely changing passwords.

    Thanks for the feedback on this. We're evaluating how to best move the Watchtower feature forward. Our strong recommendation is going to continue to be to use unique passwords for each service, though. Otherwise why use a password manager, if you're going to use the same password everywhere? :) The problem with doing so is that if one service is compromised an attacker now has access to all of your accounts.

    Ben

This discussion has been closed.