Why is Watchtower/Security Check at the top

Using 1Password 7 on a Windows PC (currently have a Family Membership). Why was the decision made to put the Security feature (Watchtower, etc.) at the top above Categories and Tags? I do not like having to "scroll down" to get to my category list or tag list. Do we have the option to rearrange the groups in the left column? If not, I would like to make this a top level wish list item.

In addition, I find the security messages an irritant - I.E. - if there was an https:// website rather than http:// I would be using it - I don't need a constant nag every time I go to that login. If my password is weak or reused - I don't need a constant nag every time I go to the item login or secure note. I would rather have the option to turn off all security notices rather than have an intrusive message displayed every single time I go to an item. In the past, some users complained that there were not enough security warnings - now, AgileBits has gone to the extreme with their intrusive warnings (spoiler - these intrusive messages are not helpful - they are there constantly and therefore they are a HUGE IRRITANT)


1Password Version: 7.1.567
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: 1Password Membership

Comments

  • Greg
    1Password Alumni

    Hi @Bernfrin,

    I am sorry for this inconvenience with 1Password!

    Why was the decision made to put the Security feature (Watchtower, etc.) at the top above Categories and Tags? I do not like having to "scroll down" to get to my category list or tag list. Do we have the option to rearrange the groups in the left column? If not, I would like to make this a top level wish list item.

    Security is very important to us, so we want our customers to stay up to date with the security information regarding their vault. This design is consistent across Mac and Windows, but we will definitely consider customisation or rearranging of the sidebar groups in the future. Right now, you can collapse the Watchtower list in your sidebar, so you won't have to scroll down to find your categories. It should look like this:

    I find the security messages an irritant - I.E. - if there was an https:// website rather than http:// I would be using it - I don't need a constant nag every time I go to that login. If my password is weak or reused - I don't need a constant nag every time I go to the item login or secure note. I would rather have the option to turn off all security notices rather than have an intrusive message displayed every single time I go to an item. In the past, some users complained that there were not enough security warnings - now, AgileBits has gone to the extreme with their intrusive warnings (spoiler - these intrusive messages are not helpful - they are there constantly and therefore they are a HUGE IRRITANT)

    The best way to get rid of the security warnings in 1Password is to change the passwords in question. :) However, I can totally understand where you are coming from in terms of Unsecured websites (http:// instead of https://). There is always room for improvement, so your suggestions are noted. Watchtower 2.0 was introduced quite recently, so it will be refined.

    If there is anything else we can help you with, please let us know. Thanks! :+1:

    Cheers,
    Greg

  • This content has been removed.
  • AGAlumB
    1Password Alumni

    @Bernfrin: I think that the hyperbole and violent imagery are a bit over the top, but I agree that this is a problem in need of a solution for many people. I can't tell you exactly what we'll end up doing to help with this, but it's something we're looking into. Thanks for taking the time to let us know you'd like to be able to disable security notices for specific items.

  • Unknown
    edited June 2018
    This content has been removed.
  • PaulShark
    Community Member

    @Bernfrin: Thanks for this comment, and I fully agree. The whole purpose of this software is to maintain a database of secure passwords, not more, not less. Anything else is distracting and annoying, especially if it flashes on your monitor again, again and again, and the message is simply wrong, and it is not possible to turn it off. Much like the infamous clippit assistant in earlier versions of MS Office that used to pop up whenever it was not welcome. So disturbing. Newer versions of Office do not have it. But you introduced a similar feature. Please remove.

  • Hi guys,

    There's not much we can say right now other than that we'll continue to refine the experience based on feedback; we do want to find a way to suppress the messages for specific items and/or options to disable it. It will get better in time. We've received thousands of positive feedback about this integration and most of them do love seeing these warnings. One thing for sure, we're not getting rid of it completely.

    The whole purpose of this software is to maintain a database of secure passwords, not more, not less.

    Sorry but that isn't the sole purpose of 1Password. In addition, it can't tell you what password is secure or not secure without telling you the said password is insecure in the first place.

    We're not a simple password manager, we're far more than that and we'll continue to add value to 1Password to make sure you stay secure using 1Password. If you want something less than that, then 1Password may not be the right product for you.

  • PaulShark
    Community Member
    edited June 2018

    Please consider passwords using the standard alphabet, there are 26 lower case characters, 26 upper case characters, and 10 digits, making a total of 62. When generating a random six-digit password with these 62 characters, then there are 62^6 possible permutations, that is 5.68e10 permutations. It would take 65 days testing all these passwords at a rate of 10 per second. Nevertheless, such passwords get a red flag in 1Password as being insecure, and this was my standard setting for passwords in Version 6. It is unrealistic to assume that a malevolent hacker spends weeks to crack the access to my gourmet website or to my favourite home improvement web store, if it would be possible to try out 5.68e10 permutations over the web anyway. Now I should change all these "insecure" passwords or not?

    Also, your comment about "thousands of positive feedback about this integration" reminds me of the increasingly common use of totally unsubstantiated claims and aggravations in US media today, and I know that you are a company located in Canada. I could not find a single positive comment about this red flag feature, please point me to one.

    Edit: Just noticed that even 7-digit passwords which follow the rules (upper/lower characters + digits) are considered insecure and "easy to guess". This makes 3.52e12 permutations. Please calculate yourself how long it takes to crack these totally insecure passwords.

  • PaulShark
    Community Member
    edited June 2018

    You deleted my comment.

    To sum it up again: any password containing upper/lower characters + digits is considered insecure, when 7 characters long. That makes 3.52e12 permutations to crack this "easy to guess" password or 111.67 years at a rate of 1 try per second. So somebody can guess it in the year 2120 when starting today. Would you therefore still recommend changing all these passwords, or better change your settings?

  • AGAlumB
    1Password Alumni

    @PaulShark: No one deleted your comment.

    I don't know what you're basing this on, but 6 or 7 character passwords are easy for a machine to guess, and are thus considered weak by not only 1Password, but the security community at large. And all of these short passwords will be pre-calculated anyway, so an attacker is just running through a list. A "rate of 1 try per second" was possible already decades ago. A lot more power is available now. Otherwise you'd be waiting a long time just to unlock your vault with the correct password. It's unrealistic to assume that an attacker is either stupid, using outdated technology, or both.

  • This content has been removed.
  • AGAlumB
    1Password Alumni

    @Bernfrin: I'm not sure what "aspersions" you're referring to, but I'm sorry for not being clearer. I was referencing your "brow beaten", "nanny", and "user's are not smart enough to think for themselves" comments. Add to that "in your face" and "browbeating your client's with constant in your face messages". I think that's pretty over-the-top, but I recognize that I don't speak for everyone. It just seems a bit aggressive considering we're talking about password manager computer software. :)

    Anyway, no one suggested that turning it off is a solution. I think we're all in agreement that it would be nice to have a way to disable/hide specific notifications in a future version though. Thanks for your feedback on the subject. Take care! :chuffed:

This discussion has been closed.