Disable "duplicate password" feature for some logins or a tag

@lammerding: Sorry to hear that you got the feeling that requests are being ignore, but we appreciate the honest feedback. In the meantime, I have passed your feedback to the developers too

I've read that sentence from you in several threads, some of the comments are over a year old. Not much (as in: nothing) has happened so far, and my impression from especially @Ben 's comments is that nothing IS going to happen because you seem to believe that it is your duty to educate your clients with regard to password security.

@Ben said

I would be curious to hear what the desire to keep passwords for separate services the same is, though. The main point of using a password manager is to use secure unique passwords for each service. It is sort of a square peg, round hole situation to use 1Password to store duplicate passwords with no intention of making them better. You'd be defeating at least half the purpose, and as such likely aren't going to be getting the value you'd be paying for.

I strongly believe that you are not in a position to stipulate what "the main point of using a password manager" is - you could say that "x,y is how we intended for our clients to use 1Password", but anything else seems rather arrogant if you are not all-knowing about all different use-cases. In terms of value-per-money, that is also a decision that I believe is best made client-side.

Anyway. If you are not able to confirm that an opt-out feature for (hopefully all) watchtower options (is the reference to the infamous Jehovah's Witnesses magazine intentional?) is under development and will be released soon, I'd rather spend my time with services from your competitors who offer that kind of functionality.

@Ben Thank you for the extensive answer.

For reference: https://en.wikipedia.org/wiki/The_Watchtower

There's actually a nice parallel in there: At least in Europe, Jehovah's Witnesses are infamous for door-to-door "marketing" of their belief, and they will try to convert you as soon as you open the door. So in a way, the name of your service is fitting, as it provides (potentially) unwanted information that you are forced to consume, and it gets annoying over time. :)

@mgrad92 I'm done, sorry about the unintentional spam.

https://1password.community/discussion/117330/provide-an-option-to-ignore-some-weak-passwords
https://1password.community/discussion/91141/disable-watchtower-banners-in-7-0x/p2

any update?

Just to add another +1 to this. At work I have to have three separate logins with the same password to handle the different username formats. It disappoints me that 1Password have not come up with even a simple solution to this in adding a label or for example ignoring it if the duplicate is in a linked entry.

Reading the threads about this, it feels like it's one of those extreme usability features that affect a subset of people, but not the workers at 1Password, and therefore it's not viewed as a priority. That's disappointing. There's no excuse for at least a basic option to not be available during the lifetime of a thread like this.

I'm also incredibly frustrated by this. This is the definition of alert fatigue. By removing our ability to silence these warnings (because they're all linked to LDAP/AD, and thus not actionable), you're training your users to ignore Watchtower alerts. Which is depressing, because Watchtower is a big selling point for 1Pass. It's just unusable for a large portion of your customer base because it's full of false/unactionable alarms.

Please will you just add tags or some sort of override option for all of the different Watchtower checks so that we can disable them when they aren't necessary? Some use-cases:

1. Accounts linked to LDAP/AD: Adding them under a single entry reduces 2FA usefulness (since only the first 2FA entry auto-fills), and doesn't account for different username formats.
2. Internal Web Portals: For many local-network-only web portals (like routers/Plex/etc.), it's not easy or necessary to setup HTTPS for them. We should be able to disable these alerts.
3. Hardware Security Keys: When I use a hardware security key on a site that supports them, I still get a 2FA banner warning, because 1Password has no idea I've configured 2FA. We should be able to disable these alerts.

@jack.platten - Do you have an ETA on when we can expect a fix for this? Even just a temporary one, like adding tags for the other watchtower categories?

This thread is more than 3 years old at this point, and your business customers - who work within an environment where SSO is considered mandatory wherever it can be implemented - are still waiting on you to even choose a possible option for a fix for this issue. I think it's preposterous that a company like 1Password, that's raised more than $300 Million in funding, is unable to resolve such a simple issue for their most dedicated users.

Can we dispose with the "we're looking for how to best solve this issue" language? It's pretty clear that 1Pass just have no intention of solving this problem at all. I think we would all appreciate an honest answer more than this running around in circles.

Do you plan on solving this problem or not? You have one of the most expensive password management solutions on the market. There are no excuses for failing to solve for this incredibly common use-case.

@ag_ana Understood. This may not be a priority for you, but it's been an ongoing problem for our business's corporate security team. On that basis, I'll be switching to Bitwarden personally, and I'll be recommending to our CorpSec team to switch our enterprise over to Bitwarden as well.

This is extremely disappointing for a long-term customer, but if you don't want to fix the problems with your product, we'll go with a provider that will (and they're much cheaper, too!).