How do I eliminate the Weak Password warning?
Is there a way to eliminate the weak password warning for individual vault entries, similar to the "2FA" tag? Seems like this has been a frequently requested feature for several years.
There are many cases in which this can occur. For me, the most common case is when storing PIN numbers. There's a PIN number for my voice mail, a PIN number for the gate to my complex, a PIN number for my garage door opener, a PIN number for my ATM card (and every debit/credit card), a PIN number for when I call my cell phone provider, a PIN number for WhatsApp, a PIN number for Signal, a PIN number for my frequent flier program, a PIN number to unlock my phone, and on and on and on. These are not weak passwords -- they are PIN numbers!
Similarly, I store combinations for combination locks in 1P. Again, these are not weak passwords -- they are combinations!
There are also cases where service providers and older products severely limit what can be used for a password, which may preclude meeting 1P's password complexity rules. E.g., I interact with many sites that limit passwords to 12-16 characters and some disallow virtually all symbols. While it would be great if these products allowed longer and more complex passwords, attempting to wag the dog just isn't practical.
Seeing a big number of "Weak Passwords" reported by 1P every time I open 1P creates a lot of false-positive noise and leads to an insecure reality -- now I totally ignore what 1P is telling me, with regards to weak passwords. I perpetually have 29 "Weak Passwords" of which zero are actually weak passwords.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Referrer: forum-search:How do I eliminate the Weak Password warning?
Comments
-
Is there a way to eliminate the offer to update the password for individual vault entries, similar to the "2FA" tag?
I have several accounts that are protected by SecureID. In most implementations the way SecureID works is by appending a one-time password to your account password when logging in. E.g., if my account password is "abc" and my SecureID token generates the OTP "123", I would login to the site using the password "abc123". Next login my SecureID token generates the OTP "456", so I would login with the password "abc456".
Since the password 1P sees is unique for each login, 1P gives a pop-up asking to update the vault entry for every-single-login. While 1P is trying to help, it's quite irritating.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Referrer: forum-search:How do I eliminate the offer to update a password vault entry for a site?0 -
Hi @bob_smith
PINs that meet this criteria should not be flagged by Watchtower as weak:
If the item does not have a website value and the password is all digits and 6 or less characters, it is considered a PIN code and should be excluded.
Unfortunately we've had some difficulties getting this logic properly implemented in all of our apps. I can say that that I tested this against the latest nightly build of our 1Password 8 for Mac Early Access app and it appears to handle it correctly (i.e. PINs as defined above are not flagged). As we move into the 1Password 8 apps I suspect this will be a mostly solved problem. Additional details on the Early Access can be found here.
There are also cases where service providers and older products severely limit what can be used for a password, which may preclude meeting 1P's password complexity rules. E.g., I interact with many sites that limit passwords to 12-16 characters and some disallow virtually all symbols.
I wish I had a better answer for this case, but we don't have a solution in the works for this problem at this time. I'll be happy to add your voice to the chorus of folks who are looking for something like this.
Is there a way to eliminate the offer to update the password for individual vault entries, similar to the "2FA" tag?
There isn't, but depending on your setup we may have a less obtrusive workflow to offer. Could you please let me know what version of the 1Password extension you have installed, and in which browser? WIth the latest extension you'll get this prompt, which is much more minimal and less interruptive than earlier iterations. Hitting the escape key will dismiss it.
Ben
0