Disable "duplicate password" feature for some logins or a tag
Comments
-
At the moment I am afraid that we don't have an ETA for this. Sorry if this is not what you were hoping to hear.
0 -
@lammerding: At the moment I am afraid that we don't have an ETA for this. Sorry if this is not what you were hoping to hear.
And this is because of
(1) You have - after over a year - not come up with a satisfying solution
(2) You are unwilling to implement that feature
(3) You have not discussed that feature internally and thus cannot provide a concise answer?
0 -
@lammerding: Sorry to hear that you got the feeling that requests are being ignore, but we appreciate the honest feedback. In the meantime, I have passed your feedback to the developers too
I've read that sentence from you in several threads, some of the comments are over a year old. Not much (as in: nothing) has happened so far, and my impression from especially @Ben 's comments is that nothing IS going to happen because you seem to believe that it is your duty to educate your clients with regard to password security.
@Ben said
I would be curious to hear what the desire to keep passwords for separate services the same is, though. The main point of using a password manager is to use secure unique passwords for each service. It is sort of a square peg, round hole situation to use 1Password to store duplicate passwords with no intention of making them better. You'd be defeating at least half the purpose, and as such likely aren't going to be getting the value you'd be paying for.
I strongly believe that you are not in a position to stipulate what "the main point of using a password manager" is - you could say that "x,y is how we intended for our clients to use 1Password", but anything else seems rather arrogant if you are not all-knowing about all different use-cases. In terms of value-per-money, that is also a decision that I believe is best made client-side.
Anyway. If you are not able to confirm that an opt-out feature for (hopefully all) watchtower options (is the reference to the infamous Jehovah's Witnesses magazine intentional?) is under development and will be released soon, I'd rather spend my time with services from your competitors who offer that kind of functionality.
0 -
And this is because of
(1) You have - after over a year - not come up with a satisfying solution
(2) You are unwilling to implement that feature
(3) You have not discussed that feature internally and thus cannot provide a concise answer?
Number 1. Which could ultimately mean number 2 will be the answer. But we haven't come to that yet. It has been discussed extensively, and we've even tried some different things internally, but none to any acceptable level of satisfaction.
If you are not able to confirm that an opt-out feature for (hopefully all) watchtower options (is the reference to the infamous Jehovah's Witnesses magazine intentional?) is under development and will be released soon, I'd rather spend my time with services from your competitors who offer that kind of functionality.
We would like to provide a mechanism by which some of the use cases presented here (e.g. SSO) would not be flagged by Watchtower. I couldn't say if or when that might happen. I will share that it isn't in active development and would probably best be described as being in the brainstorming phase. It doesn't seem likely we're going to offer what you're looking for, though, in terms of a global opt-out of Watchtower. I'm sorry to not have a more satisfying answer and understand if that means you'll be looking for another solution.
(is the reference to the infamous Jehovah's Witnesses magazine intentional?)
I'm not familiar with either the magazine or the reference.
Ben
0 -
@Ben Thank you for the extensive answer.
For reference: https://en.wikipedia.org/wiki/The_Watchtower
There's actually a nice parallel in there: At least in Europe, Jehovah's Witnesses are infamous for door-to-door "marketing" of their belief, and they will try to convert you as soon as you open the door. So in a way, the name of your service is fitting, as it provides (potentially) unwanted information that you are forced to consume, and it gets annoying over time. :)
0 -
@mgrad92 I'm done, sorry about the unintentional spam.
0 -
You can change your notification preferences in your notification settings :+1:
0 -
Unfortunately i'm afraid not.
0 -
Just to add another +1 to this. At work I have to have three separate logins with the same password to handle the different username formats. It disappoints me that 1Password have not come up with even a simple solution to this in adding a label or for example ignoring it if the duplicate is in a linked entry.
Reading the threads about this, it feels like it's one of those extreme usability features that affect a subset of people, but not the workers at 1Password, and therefore it's not viewed as a priority. That's disappointing. There's no excuse for at least a basic option to not be available during the lifetime of a thread like this.
0 -
Thank you for the feedback as well! I have let the developers know that this is important for you :+1:
ref: dev/projects/customer-feature-requests#16
ref: dev/projects/customer-feature-requests#130
0 -
I'm also incredibly frustrated by this. This is the definition of alert fatigue. By removing our ability to silence these warnings (because they're all linked to LDAP/AD, and thus not actionable), you're training your users to ignore Watchtower alerts. Which is depressing, because Watchtower is a big selling point for 1Pass. It's just unusable for a large portion of your customer base because it's full of false/unactionable alarms.
Please will you just add tags or some sort of override option for all of the different Watchtower checks so that we can disable them when they aren't necessary? Some use-cases:
- Accounts linked to LDAP/AD: Adding them under a single entry reduces 2FA usefulness (since only the first 2FA entry auto-fills), and doesn't account for different username formats.
- Internal Web Portals: For many local-network-only web portals (like routers/Plex/etc.), it's not easy or necessary to setup HTTPS for them. We should be able to disable these alerts.
- Hardware Security Keys: When I use a hardware security key on a site that supports them, I still get a 2FA banner warning, because 1Password has no idea I've configured 2FA. We should be able to disable these alerts.
0 -
Hi @snietzsche:
Thanks for your feedback here. We're still actively investigating how best to handle Active Directory accounts, and I've added your feedback to the issue Ana mentioned above.
As for 2 and 3, you can add tags to disable the warnings. To hide the warning for HTTPS, add the tag
http
to an item. To indicate that you have 2FA on an item, add the tag2FA
. Using these tags will allow you to silence the Watchtower alerts for those two types. Let me know how it goes!Jack
0 -
@jack.platten - Do you have an ETA on when we can expect a fix for this? Even just a temporary one, like adding tags for the other watchtower categories?
This thread is more than 3 years old at this point, and your business customers - who work within an environment where SSO is considered mandatory wherever it can be implemented - are still waiting on you to even choose a possible option for a fix for this issue. I think it's preposterous that a company like 1Password, that's raised more than $300 Million in funding, is unable to resolve such a simple issue for their most dedicated users.
Can we dispose with the "we're looking for how to best solve this issue" language? It's pretty clear that 1Pass just have no intention of solving this problem at all. I think we would all appreciate an honest answer more than this running around in circles.
Do you plan on solving this problem or not? You have one of the most expensive password management solutions on the market. There are no excuses for failing to solve for this incredibly common use-case.
0 -
Do you have an ETA on when we can expect a fix for this? Even just a temporary one, like adding tags for the other watchtower categories?
Unfortunately not, sorry! But please reach out again in January, there might be updates then :+1:
0 -
@ag_ana Understood. This may not be a priority for you, but it's been an ongoing problem for our business's corporate security team. On that basis, I'll be switching to Bitwarden personally, and I'll be recommending to our CorpSec team to switch our enterprise over to Bitwarden as well.
This is extremely disappointing for a long-term customer, but if you don't want to fix the problems with your product, we'll go with a provider that will (and they're much cheaper, too!).
0 -
Understood @snietzsche, I appreciate the candid feedback.
0