Ability to ignore watchtower warnings [feature req.]
Hello,
Some websites don't allow to use complex passwords, but they offer mandatory 2-way authentication via SMS. So, I'd want to ignore/hide this website from watchtower "weak passwords" category.
Another example is TransferWise.com. It offers "mobile app notification" verification as a 2-way auth, but watchtower shows the website in "Inactive 2FA" category.
It'd be nice to do some improvements on that issues.
Best Regards.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
@koraykupe - there is no way to turn off the weak passwords warning currently. This is intentional; that password IS weak. In regard to the TOTP issue, you can suppress that particular warning on a per-record basis by editing the record and adding a
2FAtag to it.0 -
2FA tag is useful. I didn't know that before. Thanks.
0 -
@koraykupe - you're quite welcome. :)
0 -
Btw, what about this case? I have an "email account" record but have the same data as a login item for the webmail interface. So, it says "reused password" for that items, but they are not. I linked that items, but it didn't help. Any suggestion?
Regards.
0 -
@koraykupe - not at present, no. That's a use-case we may add in the future, but for now, there's now way to suppress that particular one.
Having said that, if you update to 1Password 7 for Mac 7.2.2.BETA-4, there are a number of fixes for the Reused Passwords functionality:
- There is now a button at the top to see other instances where a password is used (and open them)
- Generated Password/Saved Login combos no longer flagged as re-used - if you have a generated password saved and you save a Login item with the same URL & password, it will no longer be flagged as re-used.
- Items with the same URL/password no longer flagged (i.e. - copies in multiple accounts/vaults). In other words, copying a Login or Password item from one vault into another will result in two separate items, but they will not be flagged as duplicates/re-used.
Hope that helps! :)
0 -
I'd like to bring this feature request up again.
It would indeed be very helpful to have the ability to disable the reused/weak/unsecured warnings with a specific tag.
I can very much understand that 1Password would like to keep warning us users about a potential security risk, yet there are multiple reasons why one would need to keep a login within 1Password but at the same time being totally unable to do anything about this potential risk - alas continuing to nag the user about this fact seems pointless.I'd root for #RMWTCL (Compromised Logins) #RMWTVP (Vunerable Passwords) #RMWTRP (Reused) #RMWTWP (Weak) #RMWTUW (Unsecured) as Tags.
Regards
Kai
0 -
@kmpoppe - thanks for weighing in. I definitely agree it would be useful for some users to be able to suppress various Watchtower warnings, as there are definitely use-cases for intentionally having Weak Passwords (sometimes you don't get to control them, such as other people's WLAN passwords, etc), or Reused Passwords (sometimes unavoidable). We're currently looking into a way that's more systemic and server-based, so it can work seamlessly across clients and also within the context of shared 1Password accounts (what might be a reused password for you in a Shared vault might not be for me -- or I might want to see the warning whereas you don't, etc). So we aren't going to be pursuing any additional tags-based approaches to this, but we are indeed working on a much more comprehensive solution. I don't have any information to share about when you might see such a thing, but we thank you for your patience in the meantime.
0
