Ability to ignore watchtower warnings [feature req.]

koraykupe
koraykupe
Community Member

Hello,

Some websites don't allow to use complex passwords, but they offer mandatory 2-way authentication via SMS. So, I'd want to ignore/hide this website from watchtower "weak passwords" category.

Another example is TransferWise.com. It offers "mobile app notification" verification as a 2-way auth, but watchtower shows the website in "Inactive 2FA" category.

It'd be nice to do some improvements on that issues.

Best Regards.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Lars
    Lars
    1Password Alumni

    @koraykupe - there is no way to turn off the weak passwords warning currently. This is intentional; that password IS weak. In regard to the TOTP issue, you can suppress that particular warning on a per-record basis by editing the record and adding a 2FA tag to it.

  • koraykupe
    koraykupe
    Community Member

    2FA tag is useful. I didn't know that before. Thanks.

  • Lars
    Lars
    1Password Alumni

    @koraykupe - you're quite welcome. :)

  • koraykupe
    koraykupe
    Community Member

    Btw, what about this case? I have an "email account" record but have the same data as a login item for the webmail interface. So, it says "reused password" for that items, but they are not. I linked that items, but it didn't help. Any suggestion?

    Regards.

  • Lars
    Lars
    1Password Alumni

    @koraykupe - not at present, no. That's a use-case we may add in the future, but for now, there's now way to suppress that particular one.

    Having said that, if you update to 1Password 7 for Mac 7.2.2.BETA-4, there are a number of fixes for the Reused Passwords functionality:

    1. There is now a button at the top to see other instances where a password is used (and open them)
    2. Generated Password/Saved Login combos no longer flagged as re-used - if you have a generated password saved and you save a Login item with the same URL & password, it will no longer be flagged as re-used.
    3. Items with the same URL/password no longer flagged (i.e. - copies in multiple accounts/vaults). In other words, copying a Login or Password item from one vault into another will result in two separate items, but they will not be flagged as duplicates/re-used.

    Hope that helps! :)

  • kmpoppe
    kmpoppe
    Community Member

    I'd like to bring this feature request up again.

    It would indeed be very helpful to have the ability to disable the reused/weak/unsecured warnings with a specific tag.
    I can very much understand that 1Password would like to keep warning us users about a potential security risk, yet there are multiple reasons why one would need to keep a login within 1Password but at the same time being totally unable to do anything about this potential risk - alas continuing to nag the user about this fact seems pointless.

    I'd root for #RMWTCL (Compromised Logins) #RMWTVP (Vunerable Passwords) #RMWTRP (Reused) #RMWTWP (Weak) #RMWTUW (Unsecured) as Tags.

    Regards

    Kai

  • Lars
    Lars
    1Password Alumni

    @kmpoppe - thanks for weighing in. I definitely agree it would be useful for some users to be able to suppress various Watchtower warnings, as there are definitely use-cases for intentionally having Weak Passwords (sometimes you don't get to control them, such as other people's WLAN passwords, etc), or Reused Passwords (sometimes unavoidable). We're currently looking into a way that's more systemic and server-based, so it can work seamlessly across clients and also within the context of shared 1Password accounts (what might be a reused password for you in a Shared vault might not be for me -- or I might want to see the warning whereas you don't, etc). So we aren't going to be pursuing any additional tags-based approaches to this, but we are indeed working on a much more comprehensive solution. I don't have any information to share about when you might see such a thing, but we thank you for your patience in the meantime.

This discussion has been closed.