Suppress insecure website warning (ideally per-site)?

I have some local sites that are password protected but do not have certs for TLS (like my FreeNAS). Every time I log into it (which can only be done on the LAN) 1Password throws up the warning that I'm logging into an insecure website.

Is there any way to turn this off?

If not, this is my request to be able to turn that off per-site.

Thanks.


1Password Version: 1Password 7 Version 7.8.5 (70805001)
Extension Version: Not Provided
OS Version: 11.4
Sync Type: Not Provided

Comments

  • ag_anaag_ana

    Team Member

    Hi @JetForMe!

    Can you please post a screenshot of this warning, so we can make sure to understand where exactly it is showing up? Thank you!

  • ag_yaronag_yaron

    Team Member

    @JetForMe Since you saved this login item on the HTTPS version of the website (or so it seems), you see this warning when you try to autofill it on the HTTP version.

    If you delete the current login item you have for this website and save a brand new one in the HTTP version of the site, this warning should go away.
    Please give that a try and let us know if that helped.

  • Ah, I didn't have anything specified, just freenas.local. I added http:// in front of that, and the warning goes away, but now there's a giant orange "Unsecured Website" banner on the entry in 1Password.

    Basically, I want to tell 1P that it's OKAY that a particular site is not secure.

  • ag_anaag_ana

    Team Member

    @JetForMe:

    I added http:// in front of that, and the warning goes away, but now there's a giant orange "Unsecured Website" banner on the entry in 1Password.

    You can add the http tag to this item to suppress the warning inside the 1Password app ;)

  • Ah thanks, that took care of it. Perhaps that tag should also suppress the warning dialog in the absence of any URL scheme? I.e., don't assume https:// if there's no scheme present, but rather assume http:// if the http tag is present.

  • ag_yaronag_yaron

    Team Member

    There are some security concerns involved with this, but thanks for the suggestion and feedback!
    I'm glad to hear everything is working as you'd like it to now :)

  • Obviously once a user has added the http tag, they're pretty intent on treating the credentials less securely. If they've gone to the trouble (as I have) to remove the URL scheme, AND tag the entry, I think that's probably enough, no?

  • ag_yaronag_yaron

    Team Member

    What you've specifically done in this specific instance and example is enough, yes. :chuffed:

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file