Vulnerable Passwords, mark some sites as OK?

Options
[Deleted User]
[Deleted User]
Community Member
edited February 2022 in Lounge

My very small local library has 3 different websites that are used for different purposes.

The password is the exact same for all 3 websites, but they have different URLs.

The password is your Patron Number when you were set up to borrow. For example, I was Patron #567 to get my library card.

Of course, these 3 sites have "Vulnerable Password - This password appears in a database of exposed passwords."

Is there a way to mark these 3 sites as OK, or just put my Patron number password in the Notes?

1Password Version: 7.9.828
Extension Version: Not Provided
OS Version: Windows 10

Comments

  • Jack.P_1P
    Jack.P_1P
    Options

    Hi @F150:

    Thanks for asking! While there currently isn't a way to mark a password to be ignored by Watchtower, it's definitely something we're aware of, and I've added your feedback to our internal tracker on the subject. 😀

    Jack

    ref: IDEA-I-231

  • [Deleted User]
    [Deleted User]
    Community Member
    Options

    OK, thank you very much. I raise you 2 smiley faces 😁 😁.

  • bhanafee
    bhanafee
    Community Member
    Options

    I too have some passwords that are both weak and unfixable, and would like to stop seeing them in Watchtower reports because they can potentially obscure new weak passwords that can be fixed. How about something similar to the 2FA tag hack, like a WEAK tag that filters out the entries from the Watchtower report while still making them easy to find?

  • [Deleted User]
    [Deleted User]
    Community Member
    Options

    Funniest thing, I think I found the solution on Reddit...

    https://reddit.com/r/1Password/comments/sst6r0/password_ratings/

    One trick to avoid duplicate password warnings for local stuff like that is to add multiple website fields to a single login item, and it will auto-fill that same password in all of them. It just assumes they have the same username. e.g. if you used the same login for your router, NAS, Raspberry Pi, etc. then you could add the IP addresses or hostnames for all of them to a single login item.

    But this trick should only be used where they really are not internet facing. Otherwise, use unique passwords.

    My bold, and I don't have time tonight to test.

    Thanks to Reddit u/lachlanhunt

  • Ben
    Ben
    Options

    That likely would work so long as the sites have the same username and you don't need to keep track of any unique details about them. As the poster warns, it is not great from a security perspective, but if you have no other choice...

    Ben

This discussion has been closed.