Suggestions regarding Watchtower

burn123

Hello there,
The watchtower features are awesome first of all, it is great to have a place to see all the things that are wrong with my accounts! I have a couple suggestions though.

1. I think it would be quite beneficial for users that are doing Dropbox syncing to have a warning about adding Dropbox TOTP to 1Password. I could see a scenario where someone accidentally locks themselves out because they just wanted to get all of their 2FA into 1Password. It wouldn't have to be anything fancy, just one of those boxes at the top giving a warning.
2. It would be helpful to be able to turn off certain parts of the watchtower, specifically "Unsecured Websites", since a lot of times I don't really have control over whether a site uses http or https.
3. For "Weak Passwords", I'd like an option to unflag a password, because some sites have overly strict password requirements that cause passwords to be considered weak by 1password

2 and 3 might be letting go of some security designed to persuade users to make a change, but 1 I think would be particularly good

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

MikeT

Hi @burn123,

Thanks for writing in. It's been a while.

I could see a scenario where someone accidentally locks themselves out because they just wanted to get all of their 2FA into 1Password. It wouldn't have to be anything fancy, just one of those boxes at the top giving a warning.

I could be misunderstanding this completely but how do you foresee that?

It would be helpful to be able to turn off certain parts of the watchtower, specifically "Unsecured Websites", since a lot of times I don't really have control over whether a site uses http or https.

You can do this by appending the http tag to the item. We're looking into the ability to suppress certain banners.

For "Weak Passwords", I'd like an option to unflag a password, because some sites have overly strict password requirements that cause passwords to be considered weak by 1password

Well, that one is tough to say and it goes into that ability I mentioned, suppressing certain banners. We still want you to see that you have these many weak passwords that you can always access in one area but at the same time, we see why seeing it take up a big spot in the top of the item can be distracting when you can't do anything about it.

We're surely going to improve on this.

burn123

Thanks for the response Mike. For the first item, I think you actually got the opposite of what I was saying! So say you use Dropbox to sync, and you didn't have any device with 1password around for some reason. If you had your TOTP for Dropbox in 1password, you wouldn't be able to set anything up, because you wouldn't be able to login to Dropbox. So I was actually suggesting to put a warning box that would suggest the user to not put TOTP for Dropbox in 1password, so they don't accidentally get locked out.

MikeT

Hi @burn123,

Sorry about that, I've updated my post after realizing you were talking about something else.

Basically,

If you're using Dropbox to sync your 1Password vaults, we recommend using a different authenticator app other than 1Password. If you do use 1Password, be careful as you may not be able to log into Dropbox on new devices without 1Password as your 1Password data is stored behind the TOTP-protected Dropbox account.

I'm not sure how this will work but we'll consider it.

burn123

Yeah that's what I was thinking!

MikeT

Got it, thanks! A bit rough start to this morning but I got there. :smile:

Alexey Stepanov

(OFF - MikeT, thanks for all the wonderful support here, but please consider updating your avatar photo - this one looks like a crop of a low-res scan of a poor-quality school photo, 90's have long gone! Just to reiterate - I only refer to the 'quality' of the photo used of course)

MikeT

Hi @Alexey Stepanov,

Thanks for the suggestion, I'll try to upload a new one soon. For some reason, the forum is recompressing my images.

burn123

@MikeT Is there any updates to this? 1password is still prompting me to add 2fa to Dropbox

MikeT

Hi @burn123,

No updates, you'll have to add 2FA to suppress the warning to Dropbox for now.

I've bought it up with the team that's handling the 2FA database but it is not an easy change and they don't appear to want to do this. I'll keep nudging them but I don't think this will change any time soon.