Ignoring Weak Passwords
Hi all,
I found this thread that is already closed but with no solution... (https://discussions.agilebits.com/discussion/68168/suggestion-ignore-weak-passwords/p1)
Let's say I have accounts with a weak password that I cannot change. I don't want Watchtower to remind me (shame me) about having a weak password I cannot do anything about. Can you please add a tag (just like you do for 2FA items) to ignore weak passwords for those accounts?
Thanks!
1Password Version: 7.0.4
Extension Version: Not Provided
OS Version: Mac OS 10.13.5
Sync Type: Not Provided
Comments
-
I have an login like that. I was assigned the username and password by the site operator, with no way to make changes in either. I rather like being shamed about it, though. ;) It reminds me of their insecure policies. Same as sites that refuse to accept pasted-in credentials.
I do get your request, though.
0 -
There is a 2FA tag that can be used to suppress the 2FA warning. Perhaps a similar tag, something like "weak exempt" could do the same for weak passwords.
0 -
+1
0 -
:) :+1:
0 -
One more example would be usecase like mine - I have lots of weak password I use for test accounts during work, but those are only accessible from withing the company network, so I would like an option to ignore certain domains from giving me those warnings.
0 -
+1
some sites do not let you choose strong password (only numbers like some banks, social security) hence 1PW warns about weak password that we cannot make stronger.
definitely a specific tag would really help - maybe with a strange name like IWPBNPSSP (Ignore Weak Password Because Not Possible to Set Strong Password)0 -
@cnasarre - thanks for the suggestion! I vote for
IWPBTSSWAMTPGS("Ignore Weak Password Because This Stupid Site Won't Allow Me To Practice Good Security") ;) -- but seriously, folks, we get you. This remains an issue for (thankfully) a tiny minority of sites, but an issue nonetheless. Our developers are exploring ways we can allow such comparatively rare sites to be dealt with in a way that doesn't also wind up defeating the purpose of the warnings altogether. Stay tuned! :)0 -
+1
0 -
:) :+1:
0 -
Also vote for custom tag to suppress warning for items you have no control over. Then I could take every single warning seriously, which would be a nice shift :)
0 -
Thanks for chiming in! I think we might take a different approach to tags in the future, so we can free those up for their original purpose, but we definitely want to offer more control in this area. :)
0 -
I have a bit of a different scenario that could use an ignore tag. I have a few accounts that are closed and don't want to delete for historical purposes that are showing up in Watchtower.
0 -
@quickxlr8 - thanks for weighing in. :) For the present, if these items have passwords that are duplicated in other accounts, you could remove the password item from the closed, no-longer-needed account and leave yourself a note in the notes field to the effect of "see _____ password." That would remove any Reused Password banner for you. And if it's simply a weak password for a closed account where the password is not in use anywhere else, you could copy it out and paste the password itself in the notes field, which would remove the "Weak" warning. Or you could create a Secure Note or even spreadsheet or other document with username, password, title, etc -- whatever you wished, and keep that as a Document item. If these accounts are old and closed, this wouldn't pose any kind of security risk for you.
0 -
On behalf of Lars you're most welcome. :)
Ben
0 -
This content has been removed.
-
Hi, is there any update on that?
I do need possibility suppressing that warning as some passwords I store cannot follow any pattern 1P considers strong (limitation of a system like some banks or test/shared passwords) although I would like to see if there is a password I could actually improve.
0 -
It's something we're looking into, but in a way that's flexible and benefits all 1Password users. We've really reached the limit of the current approach, so we want to make sure that what we do going forward is more sustainable. :)
0 -
This issue is now open for 1,5 (!) years. And it's still annoying. How long should we "stay tuned for updates"?
0 -
Hi @fieten,
I wish I had a good answer that I could give for that question, but even if I knew I wouldn't be in a position to share. We have a policy here of not discussing features before they're completed. We don't pre-announce features, or issue timelines. As others have mentioned above it is something we recognize the desire for, and hope to be able to address that desire at some point, but we want to be sure we're doing so in a responsible and robust way if we do.
Ben
0 -
Hi,
I see you've been "looking into this" for the past couple of years...
I'm really looking forward to this feature, since I have a lot of banking sites with 8-number only passwords that I can't make stronger and are contaminating my "Weak Passwords" list in Watchtower, which would be great to target it to be 0 (by making all the other possible passwords stronger), but I wouldn't ever be able to achieve that in the state this issue is right now.
Thanks.
0 -
Thank you for sharing your use case with us :+1:
0 -
I'll +1 this as well. As a web developer I have dozens of websites that are only periodically hosted locally (or at most temporarily shared on a LAN for testing). No need or desire to give these strong passwords as they are purely functional and protect nothing of value.
Having dozens of "terrible" (as 1PW likes to mock me for) passwords just causes me to completely ignore Watchtower as I am not gonna go through the list every so often just to to check if there's an actual risk in there.
I am kind of surprised that this apparently has no priority at all, because getting people to ignore your warnings is dangerous and makes one of your core features basically useless. I hope my 2 cents help :)
0 -
We appreciate your feedback @DennisC12, thank you!
0 -
I would like to +1 this as well, for the same reasons as above. There are some passwords (or codes) that I can't change that are reported as being weak, thus corrupting the weak passwords feature.
Regards,
John0
