Batch process to remove "http://" from URLs?

mikejg
Community Member

I appreciate the WatchTower analysis that shows me that I'm potentially accessing sites using insecure HTTP.

I'd like a way to go through my Vault and remove the "http://" from all of those saved sites, rather than manually clicking through all of the steps ("edit" -> double click on URL -> remove "http://" -> click in window -> "save").

Can you add a feature to bulk remove the 'http://'?

I don't know if 1Password will also consider root domains when providing suggestions, ignoring the preceding "www" - if not, would it be possible to cut the "www" off too?


1Password Version: 7
Extension Version: 4.7.3.90
OS Version: 10.14.1
Sync Type: 1Password

Comments

  • Lars
    1Password Alumni

    @mikejg - in fact, we can. Actually, we did. :) Add the tag http to any sites that use plain HTTP instead of HTTPS, and the warning will be suppressed. Hope that helps! :)

  • mikejg
    Community Member

    Cool. I actually want to use the most secure link, so just suppressing the warning doesn't solve that. I'd rather just update everything... That's just manual at this point, right?

  • tubedogg
    Community Member
    edited November 2018

    > Add the tag http to any sites that use plain HTTP instead of HTTPS, and the warning will be suppressed.

    That would have been super useful information last night when I was updating a couple hundred items with http in the URL. :P

    Edit: I don't suppose there's such a tag to disable the weak or reused password warnings? I get it, insecure and all, but there are a few cases where it's not up to me.

  • Lars
    1Password Alumni

    @mikejg - you've just articulated precisely one of the reasons why we don't want to offer an easy way to suppress those warnings -- because most people are NOT like you in this regard. I'm very glad to hear you'd rather take the time to go through your Logins one by one and change HTTP to HTTPS where needed, because yes, that's the only way to do it, and it's the only real way to be as secure as possible. But if we give users a way to just hit "ignore" on a global basis, too many of them will do just that. And inevitably, some of those who do so will wind up being bitten by the issue. Thanks for taking security seriously.

  • Lars
    1Password Alumni

    @tubedogg - there is not, right now. Updating to the current beta solves some of the actual issues with falsely-reused passwords (such as saved Password items sometimes getting flagged as Reused because there's a corresponding Login for the same site). If you have that kind of issue (and you don't mind running beta software), grabbing a copy of the latest beta and installing it will help there. If you're going to do that, make sure to Quit 1Password 7 Completely by typing ^⌥⌘Q (or just holding down the Control and Option keys as you choose Quit from the 1Password menu) first, then run the installer.

  • Lars
    1Password Alumni

    @mikejg - to be clear, you do NOT have to click Edit and change things manually. If you'll look at your screenshot above, there is an automatic link to change it to HTTPS...but it's not a global link. You still have to do it on a record-by-record basis. Hope that helps.

This discussion has been closed.