Can you please not generate "weak password" for PIN numbers

00sjsl
00sjsl
Community Member
edited February 2023 in 1Password 3 – 7 for Mac

There are lots of scenarios where PINs need to be kept secure. There is no point in having a weak password warning for something that can only ever be a six digit number. Maybe you could have a different item category called PIN to allow the check to be more sensible.

Likewise there is no point in having a duplicate password warning when there is a matching Password item and Login item for the same website,

Edit:
This is for 1Password7 on the Mac (though the iPad app is the same)


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • r3r344r4
    r3r344r4
    Community Member

    Agreed, 4 digit PINs are certainly insecure, but there's often no choice on many systems than to use a 4 digit PIN

  • Hello @00sjsl and @r3r344r4! 👋

    Thank you for the feedback! If you're using 1Password 7 then, while the weak password warning can't be disabled, you can disable certain other warnings in the Preferences window:

    image

    1Password 8 allows you to dismiss Watchtower warnings by clicking on the Ignore button:

    image

    With the launch of 1Password 8 for Mac, 1Password 7 for Mac is no longer supported and will only receive important security updates. I strongly encourage you to update to the latest and greatest version as soon as you have the chance: Upgrade to 1Password 8 for Mac

    -Dave

  • r3r344r4
    r3r344r4
    Community Member

    Latest, perhaps, but greatest is debatable 😊 I am concerned by bugs in what I would consider very basic password manager functionality (editing a password) in 1Password 8 (https://1password.community/discussion/138165/edit-jumps-to-the-wrong-entry) which is making me hesitate to evangelize the upgrade to my family. I look forward to these bugs being fixed, but the strong push to version 8 seems a bit premature.

    In this case, a global setting might be helpful, to avoid the labor of manually ignoring the alert for every single entry that contains a 4 digit passcode.

  • @r3r344r4

    I'm sorry that you ran into a few different issues, I see that my colleague has already replied to you in the other thread and I'll let you continue that conversation over there.

    In this case, a global setting might be helpful, to avoid the labor of manually ignoring the alert for every single entry that contains a 4 digit passcode.

    Even if a website only allows you to use a 4 digit PIN that PIN is still weak which is why Watchtower flags it. I believe that the issue with a universal toggle is that there's no way for 1Password to differentiate between a "legitimate" PIN code and just a weak 4 or 6 digit numeric password that a user should be warned about.

    Out of curiosity, if you're comfortable sharing, how many items do you have that use weak PIN codes that make it inconvenient to use the "Ignore" button to dismiss the warning on each item individually?

    -Dave

  • r3r344r4
    r3r344r4
    Community Member

    I suppose my challenge is that it devalues the watchtower score when I know that an unknown percentage is PINs that I can’t change. Of a total list of about 1400, I have about 120 insecure PINs - things like home security PIN, ATM PIN, regional websites with mobile number + PIN based login, etc

  • @r3r344r4

    Thank you for the feedback, I've passed it along to the product team. 🙂

    Personally, if it helps, I usually store PINs as a custom field inside of another (related) item. So my ATM PIN is stored as a custom password field underneath my bank username and password. Custom fields aren't flagged by Watchtower:

    image

    I know that won't work for all of your examples but I'm sharing in case it helps a little. In the meantime, you'll need to Ignore the other warnings individually using 1Password 8 to stop seeing them flagged by Watchtower.

    -Dave

    ref: PB-31428474

This discussion has been closed.