1Password on Mastodon

Reused Password warning



  • koshkosh
    Community Member

    I'd like it if items that were linked would be considered the same login, that shouldn't affect other users and logically makes sense.

    Maybe if I had a single parent item (probably an identity) and then linked it to all my work logins so they all get considered to be that one identity login.

    I have a work login that uses a backend system for authentication, so I've got 13 different items that all have the same password, I went through and combined them into the one login to avoid the reused password warning, but I now have a single item with 13 different "open and fill" options, can't use the double-click on the item anymore and having 2FA in multiple services (where 2FA is unique to the service, but authentication details are shared) makes logging in a manual process now instead of like other sites where I can just click the dropdown in the browser and auto-fill the 2FA.

    The alternative is getting alert fatigue over the reused passwords warning and probably ignoring other warnings as well.

  • AGAlumBAGAlumB
    1Password Alumni

    Thanks for your feedback! It's a bit tricky if the credentials are not the same, just the password; but one of the approaches we're considering is in that vein. :)

  • glenn1pglenn1p
    Community Member

    I'd like to add to this thread to say again that users like me who deliberately have multiple items that include the same credentials are punished by the lack of ability to disable the warnings and alerts. We get it. We have great passwords. We're not reusing our passwords. (At least I'm not.) But oh those alerts! Please give us this option.

  • ag_anaag_ana
    1Password Alumni
    edited August 2019

    Thank you for taking the time to share this feedback! I have shared your feedback with the team :)

  • bpmisc777bpmisc777
    Community Member

    There needs to be a way to dismiss this, perhaps an advanced-section setting.

    There is no security issue with re-using a throw away password on throw away sites. (Yes, such exist - not everything you have to create an account for is actually important, it's just some ass-hat company forcing you to create a login to do a one-time thing, but then you have to remember that account because three years later they won't let you re-register with the same email address because "that account already exists!")

    I support the goal of good password hygiene. But at the end of the day it's MY data, and I'll choose the passwords I want. I know what I'm doing. Having non-dismissible red-banners smeared across random passwords in my vault with the software telling me what I should do is counter to that. Sure, help people out by letting them know. But once you've let them know, there's no need to keep shouting at them forever with WARNING WARNING WARNING red banners on the login. Yes, I get it, I know. Thank you. I've seen your warning. I read it, I don't care. I know what I'm doing. Go away now please.

    Having this be permanent is just really, really fricken annoying.

  • ag_anaag_ana
    1Password Alumni

    Thank you for your feedback as well @bpmisc777! :)

  • lerokielerokie
    Community Member

    any chance there is an update on this? I have many organizational passwords for work that use my same network password but because of the click to launch URL functionality I have them over multiple 1P logins as opposed to consolidated into one login with multiple URLs. I would like to add a flag or something similar that will let 1P know that I know it is reused and I'm purposely dismissing it - a la 2FA flag for those websites that don't use Google Authenticator.

This discussion has been closed.