Disable Reused Password Notification?

Why is 1Password not offering me a way to disable the reused password notification?

Why is the UX/UI team unaware of the extreme effects this has on usability?

Why is 1password acting like a paternalistic government?

Take my money, store my passwords, Offer me features that I can choose to use. I do not invite you to do more.

This is pathetic. Switching to competitor in 30 days if not addressed.


1Password Version: 7.2.4
Extension Version: Not Provided
OS Version: 10.14.2
Sync Type: Not Provided

Comments

  • LarsLars Junior Member

    Team Member

    Welcome to the forum, @leave1password!

    We tend to respond as well as most humans to ultimatums, and we're also a decent-sized security company with a lot of priorities on our plate, so my suspicion is that we probably won't meet your thirty-day deadline. But regardless of timelines, if you feel another product or solution would best suit your password-management needs, then by all means - assuming your solution isn't sticky notes on your monitor or re-using the same password everywhere - we're happy if you're happy. We want satisfied users, not ones who feel trapped or upset.

    That said, our user-base is large enough that literally every decision we make will delight some users and upset or outrage others, so our usual approach is to take in as much feedback as we can and use our own judgment about the best way forward, knowing that we quite literally can't please everyone.

    Why is 1Password not offering me a way to disable the reused password notification? Why is the UX/UI team unaware of the extreme effects this has on usability?

    This has been addressed in multiple threads in this forum already, so please feel free to browse those if you'd like a fuller discussion of the issue, but briefly, we are indeed aware. What we're looking into are ways to allow greater flexibility for more-advanced users while not allowing newer, less-sophisticated users to turn off warnings they probably should be seeing without being able to just dismiss them in such a way that they may not even know they're no able to see these warnings even when they're appropriate/necessary. But again, since we're not likely to have that concluded within 30 days, you may want to take that into account. Thanks for writing in to let us know your wishes on this issue, and good luck with whatever you end up deciding! :)

  • I could not love this response more if I tried!! Kudos!

    That being said... I add my vote for "an advanced mode to disable notifications for users who know better but choose to live in blissful uncertain insecurity."

    Of course, I'm not one of those per se... (I may have a couple of intentional duplicates, but not as a general practice)... however, there are stubborn people in my life who use 1P more as an "auto-login" system and who will never, ever, ever do as we all recommend by having secure, impossible to remember, and unique passwords for every account.

    Alas, these folks (mostly older and the most vulnerable, I propose) insist on still having only one or two passwords that they know and can remember, and they use them for every account everywhere, only using 1P to track what sites for which they have accounts and to auto-populate the login window for them. They will never change. No matter how much data I present to them, no matter how much I assure them that it's safe and smart. It just won't happen.

    Likewise........ they also won't stop asking me how to make that warning go away, which finally brings this overly-verbose post to its point:

    I understand any organization has to balance the intended method and application of their product with the various real ways the end-users could use the same product. So, while I shall refrain from tyrannical demands of expedited resolution deadlines, I do hope this feature can appear somewhere on the bottom of a developer's "to do" list. :)

  • LarsLars Junior Member

    Team Member

    @eFlat7 - thanks for the kind words! We really don't enjoy disappointing users, despite what it apparently seems to some people. But we've grown to a size where our user base is diverse enough that we sometimes have people advocating for literally the exact opposite things from one another, in different threads. No matter what we do, someone's not going to be happy. :(

    I do hope this feature can appear somewhere on the bottom of a developer's "to do" list.

    It already is, in the sense that we're quite aware there's a decent chunk of users who'd like to be able to defeat or suppress these warnings, and not without reason. It's more in the "we need to figure out how to do this in a way that's secure and works best for everyone" stage, not the "we've got a roadmap and it's happening soon" stage. But yes, it's something we're continuing to look at/work on. Thanks for adding your voice and your positivity to this thread. :)

  • I know I am kind of resurrecting a dead thread, but have you considered an option where an advanced user can tick a box that says "If login is identical in all aspects (modified on, attachments, fields, etc) and is in a different vault, do not display duplicate password warning" or similar? I have shared vaults with different people or persons which include the login to various services (Netflix, etc) and I would hazard a guess that 90% of my duplicate logins fall under this scenario. It would be great if a starting point was to eliminate identical login entries from the list!

  • brentybrenty

    Team Member

    It's something to consider, but the problem is that most of the people requesting this sort of option are not dealing with completely identical items, so it wouldn't help very many folks. I think we need to allow for some flexibility.

  • +1 I get this everywhere because of duplicate Vaults, that I don't want to remove yet.
    Actually, it feels like a bug that a Vault excluded from All Vaults is considered for duplicates.

  • brentybrenty

    Team Member

    @roninXpl: We definitely want 1Password telling the user about any duplicate passwords it knows about. Otherwise I'm not sure what a "Duplicate passwords" feature would be good for. I'm curious why you're hanging onto duplicate vaults when it sounds like you really don't want that.

  • Suggestion: While waiting for the muse, perhaps change the text of the warning message to something more polite and less bullying in tone? Maybe: "reused passwords are insecure, you may wish to consider changing your password". I bristle every time the current warning appears and obscures part of the window! Just a thought...

  • ag_anaag_ana

    Team Member

    Thank you for your feedback @krysteaux! I still feel that, in case of a reused password, the recommendation should be "change it" rather than something softer, but I see where you are coming from :)

  • I really hate this alert. I have tons of vaults, copy passwords for archive purposes, rename them and keep the old one too (for archive purposes), etc. I categorically need to be able to disable this one universally and prospectively.

  • brentybrenty

    Team Member

    copy passwords for archive purposes

    @AgileByte: Can you elaborate on that? What are you trying to accomplish? It sounds like you might be better served by the mere fact that changing the password in a Login item keeps the old ones under "previously used passwords".

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file