Reused password warning

For work, I have two different sites that work off of the same password. Literally, if I change the password on one of them, it automatically changes for the other. And I have to change that password every 90 days.

Now, every time I change it and try to make both entries work (with the same password) I get the annoying Orange box that tells me
REUSED PASSWORD
Don’t use the same password on multiple websites.
Generate a unique password to improve security.

and I can't figure out a way to make it go away.

Someone please tell me that there is a way to tell it that I KNOW it's the same password and it needs to shut up about it? :D ;)

Thanks!


1Password Version: 7.2.4
Extension Version: 4.7.3.90
OS Version: OS 10.14.2
Sync Type: Not Provided

Comments

  • LarsLars Junior Member

    Team Member

    @lotsofjoy - unfortunately, there isn't currently a direct way to suppress this banner, as there is with the Inactive 2FA warning and the Unsecured Website banner. One thing you might consider doing is adding one of the sites into a secondary website field in the first item, then deleting the second item. That would remove the banner, but it would also mean you wouldn't have a dedicated item for the second site. There are trade-offs either way. If it helps, we are looking into ways to make these warnings suppressable on an item-by-item basis, but I don't have anything to announce on that score just now. Thanks for your patience and sorry for the inconvenience.

  • One thing you might consider doing is adding one of the sites into a secondary website field in the first item, then deleting the second item.

    This really only works if all of the applications/sites share the same username. From my experience, it is pretty common to use LDAP, AD, or SSO to synchronize password across various applications, but then those individual applications may still have their own slight variations of usernames.

    Like a good example is your Enterprise WiFi taking DOMAIN\username, your email account taking [email protected] and your bug tracker or something taking just username.

    Being able to remove the Reused Passwords banner for these items would be really great. The first suggestion that comes to my mind is the Link existing functionality. Perhaps if two accounts are linked as related items, the banner should not appear?

  • LarsLars Junior Member

    Team Member

    @angellusmortis - it's definitely not a perfect solution, but it will work in many cases -- just not the ones you outlined (and a few others). However, as I've mentioned a few times in multiple threads on this topic, we're looking into more-durable ways to allow users to manage these warnings without defeating the entire point of having them present. Stay tuned to the updates and their release notes for new developments on this issue, and thanks for taking the time to share your insights on this issue with us. :)

  • Thanks for the feedback. All I care about is that you guys are working on a solution to manage the warnings.

  • LarsLars Junior Member

    Team Member

    :) :+1:

  • Or should I just save a single entry called "work domain account" and just use that to fill in websites i know use the same account?

  • LarsLars Junior Member

    Team Member

    @mnOUs3y - you would need to be sure to add the correct URLs to the various services into the Login item, and you would have to click the specific URL you need to launch that site and fill the credentials, but yes, that should work for most setups.

  • edited March 14

    Like a good example is your Enterprise WiFi taking DOMAIN\username, your email account taking [email protected] and your bug tracker or something taking just username. (angellusmortis, 29 Jan 2019)

    I came here looking for a solution to precisely this issue: Kinda-sorta-single-sign-on that can't agree on what the username should be.

    If I could pair the Websites with their Username, I would be able to get away with the suggested solution.

    As it is, I think I'm going to wind up with exactly 3 different entries duplicating the SSO password, one for each of the variants angellusmortis called out: realm\user, user, and email.

    If things improve around this in future, or we gain a way to "indirect" the password ("password is the password from this related login item"), I'm all ears. :)

    Edit: I see this isn't a new request: https://discussions.agilebits.com/discussion/comment/487522#Comment_487522 came up with the same two workarounds.

    My original search for this was something along the lines of 1Password ActiveDirectory LDAP reused password warning, and it had no hits then, but it should now. ;)

  • BenBen AWS Team

    Team Member

    @jeremywsherman

    Thanks for adding your thoughts on this. We have some ideas we've been brainstorming on to try and address this. I can't make any promises at this point but we do have one idea that seems to have bubbled to the top and I think we may be able to give it a try. I'm sorry I'm not in a position to be more specific than that at this point. Hope to have more in the near future.

    Ben

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file