Add option to sort Watchtower items by the date they were added on the server side
Watchtower is a great tool, and has several useful options for sorting items. But let's say I have a number of items in a category, say 2FA Inactive, and I have evaluated all of them and either I'm not ready to use 2FA or I'm using something stronger like say a security token. Now a few weeks later, on the server side (i.e., 1password.com) you guys learn about and add some new websites that support 2FA. What I would like to do is sort my items my the date YOU (the 1password server) became aware of them so that I can evaluate the items I haven't looked at already.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:sort watchtower
Comments
-
@spaceman_spiff: It's an interesting idea, but I do have one question: Why? What benefit do you anticipate the date we happened to add it to our database would offer you?
0 -
@brenty if I were always able to “clear out” all the items in my Watchtower categories, I wouldn’t need this feature. Because anytime I came back to Watchtower, I’d know exactly what I need to look into, it would just be all the items listed.
But as I mentioned, sometimes for one reason or another there are items in a Watchtower list that I must leave as they are. There could be a lot of them, several dozen or more. Now let’s say I come back to Watchtower later. How do I know which of these items I’ve already evaluated and essentially in Jira terms decided it’s a “Won’t Fix” item vs a new arrival that I haven’t seen before? I have to sift through everything in order to be sure I’ve caught anything that’s new. But if you let me sort by the new arrivals from the server side, the new stuff would all be waiting for me to look at, right at the top of the list. Does that make it more clear?
0 -
@spacemn_spiff: Hmm. You make some good points. But I think it's worth exploring the other side too. What are the circumstances where you can't address issues Watchtower notifies you about? Having a "won't fix" option is something we're also exploring, and having concrete examples is helpful.
0 -
@brenty sure one easy example is items that are "owned" by others. Suppose someone in my family has shared a login item with me. If 2FA is supported for that website but I can't convince them to use it, I'm stuck. Or websites that let you choose an auxiliary password for some feature on the site. I could create that as a field within the login item for the site, but that isn't as convenient as having it as a separate item which I can get to more easily in the 1P mini window. Or, TOTP may be offered as a 2FA option but I may consider it weaker than using a hardware token, and use that option instead. There is no way to tell 1P that I am using 2FA, just not the TOTP option.
Long story short, you will not be able to get all users to address every item, every time. And 1P does not show me which items are newly arrived, it does not let me sort by when they "arrived" in 1P, and it does not let me mark them as Done or Reviewed. Even just allowing me to sort by Tag would work, I could create a tag for those items I cannot or will not fix. I could probably convince my family to let me add a tag, at the very least. :)
0 -
It looks like 1P decides whether 1P is available based on domain (maybe TLD+1?), but that sometimes gives false positives. For example, TurboTax and Mint both use the same login portal https://accounts.intuit.com, but only TurboTax supports 2FA. Another example would be a website https://www.example.com which supports 2FA for web logins, but perhaps I also have an FTP login item which uses the URL ftp://ftp.example.com. The latter FTP item shows up as supporting 2FA, which it may not because of course the web and ftp credentials do not have to use the same authentication backend.
0 -
Anyway, point is that Watchtower is a fantastic tool and I love it, I just wish I had a way to find out which items I've reviewed and which I haven't yet. :)
0 -
one easy example is items that are "owned" by others. Suppose someone in my family has shared a login item with me. If 2FA is supported for that website but I can't convince them to use it
@spaceman_spiff: Good example! Thank you! :)
Or websites that let you choose an auxiliary password for some feature on the site. I could create that as a field within the login item for the site, but that isn't as convenient as having it as a separate item which I can get to more easily in the 1P mini window.
Hmm. I'm not sure what you're referring to here. Maybe some weird thing specific to a certain site?
Or, TOTP may be offered as a 2FA option but I may consider it weaker than using a hardware token, and use that option instead. There is no way to tell 1P that I am using 2FA, just not the TOTP option.
Sure there is! Just add the tag
2FAand you're good to go. :sunglasses:It looks like 1P decides whether 1P is available based on domain (maybe TLD+1?), but that sometimes gives false positives.
That's correct. It cross-references the URL you have saved in 1Password with the twofactorauth.org database. I'm not sure what it could use besides the URL. ;)
For example, TurboTax and Mint both use the same login portal https://accounts.intuit.com, but only TurboTax supports 2FA.
Mint does seem to support some form of multifactor authentication, even if not ideal:
Another example would be a website https://www.example.com which supports 2FA for web logins, but perhaps I also have an FTP login item which uses the URL ftp://ftp.example.com. The latter FTP item shows up as supporting 2FA, which it may not because of course the web and ftp credentials do not have to use the same authentication backend.
I think my suggestion above will help, if it's not just a hypothetical. Either way, let me know. :)
Anyway, point is that Watchtower is a fantastic tool and I love it, I just wish I had a way to find out which items I've reviewed and which I haven't yet. :)
Thanks for the kind words! I'm glad you're enjoying Watchtower, and we'll continue to make it even better. :chuffed:
0 -
Ah I wish you’d mentioned the 2FA tag earlier! That’s a very helpful tool, is it documented somewhere? Must have missed it.
The www vs ftp example is actually not contrived, just didn’t feel like giving the actual domains. :chuffed:
Re: auxiliary passwords, as an example some online backup services allow you to choose a password which is used to encrypt your data which they never have access to. This allows you to use the service and preserve your privacy, which is very nice. But, as far as I have been able to discover, the most convenient way to deal with them is as two separate Login items.
Re: domains, I was not suggesting that 1P shouldn’t use the domain, as you say... how else you gonna do it? :) But you asked for examples where the 2FA section of Watchtower could yield items that can’t be “resolved” and false positives based on TLD+1 is one way that can happen. You could try to use more than TLD+1, but that gets tricky because of course companies change URL schemes and I can sympathize with not wanting to chase another moving target.
If you want the exact examples that I’ve referred to sort of obliquely here, I’m happy to share them over a less public channel, if it’s helpful to you guys. Thanks again for the 2FA tag protip, and if you guys can find some way to help poor saps like me surface those items we haven’t seen yet among all those in the Watchtower, that would be awesome! :) Maybe something as simple as the Read/Unread boldfacing that is common in email clients to show items you haven’t seen yet would be good enough.
0 -
Ah I wish you’d mentioned the 2FA tag earlier! That’s a very helpful tool, is it documented somewhere? Must have missed it.
@spaceman_spiff: Sorry about that! Indeed, it's documented in our Watchtower guide under "Identify logins that support two-factor authentication". I thought you were looking for a different option. :blush:
The www vs ftp example is actually not contrived, just didn’t feel like giving the actual domains. :chuffed:
No problem. :)
Re: auxiliary passwords, as an example some online backup services allow you to choose a password which is used to encrypt your data which they never have access to. This allows you to use the service and preserve your privacy, which is very nice. But, as far as I have been able to discover, the most convenient way to deal with them is as two separate Login items.
Ah, I see. Yeah I've used CrashPlan and Backblaze, so that's familiar to me. Honestly, I store those in the Notes field in the same Login because, while I want them together, I never want the encryption key filling into a website. It's always stored safely only in 1Password. It's a good example though.
Re: domains, I was not suggesting that 1P shouldn’t use the domain, as you say... how else you gonna do it? :) But you asked for examples where the 2FA section of Watchtower could yield items that can’t be “resolved” and false positives based on TLD+1 is one way that can happen. You could try to use more than TLD+1, but that gets tricky because of course companies change URL schemes and I can sympathize with not wanting to chase another moving target.
I hear you. Personally, I just save multiple URLs in Logins, but certainly not everyone may want to for whatever reason.
If you want the exact examples that I’ve referred to sort of obliquely here, I’m happy to share them over a less public channel, if it’s helpful to you guys. Thanks again for the 2FA tag protip, and if you guys can find some way to help poor saps like me surface those items we haven’t seen yet among all those in the Watchtower, that would be awesome! :) Maybe something as simple as the Read/Unread boldfacing that is common in email clients to show items you haven’t seen yet would be good enough.
That's an interesting idea. Thank you! And if you'd be willing, send an email to support@1password.com with the details of the specific sites you have in mind. Just post the Support ID you receive here. I'll be happy to take a look. :)
0
