Provide an option to ignore some weak passwords
Hi,
I'm a big fan of 1Password and I use it both at work but also to manage our passwords as a family. I've seen a number of previous (now closed) discussions about disabling / ignoring weak passwords in Watchtower.
There are a handful of websites that I use that require me to have a weak password where I would want to disable the warning. An example would be my online banking account. My password (they call it by another name, but that's what it is) is necessarily a 6-digit number (not my account number I hasten to add!).
However after that initial login step there are several additional steps - for example I am asked to type in random characters from another secret. Furthermore there are multi-factor authentication steps whenever I make a payment, or make a change to a regular payment.
Even though the first password I need to type into my online banking site is relatively weak, the additional security controls make me feel secure and safe using the site. As an advanced user (well, not a novice) who can weight these things up and make a reasonably informed decision I would like to have the ability to tell Watchtower to ignore my weak password in this instance. Not being able to do so makes me use Watchtower less, because there is enough noise to desensitise me to genuine warnings... as an example it turns out my account on this very forum was compromised in November 2019, but because I don't trust Watchtower to give me high-signal alerts I hadn't noticed.
There are other times where I am forced to use a weak password due to the way the site works (e.g. a car-parking app where the password is your mobile number). Even though there's nothing I can do to make my password stronger, I don't mind this so much because it does serve as a reminder to me that these sites - although useful - aren't necessarily the most secure, so I know to remain vigilant.
I still think there's a strong argument for my first case though, and while it's been discussed several times over the years it seems like we're still waiting for a solution to this problem. Are you genuinely considering adding in a feature such as this?
1Password Version: 7.7
Extension Version: 1.22.3
OS Version: 10.15.7
Sync Type: Not Provided
Referrer: forum-search:disable warning
Comments
-
I'm backing you up here.
I have a NAS on my internal network. It has no connections to the outside world that aren't already secured with strong encryption. For example, it directly uploads to Backblaze via the included apps.
However, logging in to it via my Mac, directly through my router...right now that's HTTP, with 2-factor authentication. So, to satisfy 1Password, I need to acquire an SSL certificate, set up a DNS server, configure a bunch of port forwarding and other firewall settings, and set it up as HTTPS. That makes my internal setup much more complicated - and difficult to manage when things go wrong.
So, the fact that it's behind a firewall router with strong protection isn't enough?
There's no way for me to tell 1password 'hey I don't need that HTTPS for my own reasons?
There's no possible way any other levels of security anywhere else can be enough for 1password to stop nagging me?It's just an annoyance, but the fact that it's beyond my ability to control makes it a super annoying one.
0 -
Thank you both for the suggestions! I have passed your feedback to the developers :+1: :)
ref: dev/projects/customer-feature-requests#130
0 -
FYI, I posted an easy compromise to this situation here. Surprised this hasn't been solved yet: https://1password.community/discussion/117812/sorting-by-tag-in-the-weak-passwords-area#latest
0 -
Thank you for letting us know :+1: :)
0