How to disable warnings ?
Hi, to my understanding it is not possible to disable warnings such as weak password and vulnerable password ? Why not ?
There's a number of scenarios such as testing where such "insecure" passwords wouldn't be a problem.
Do you guys think this will be supported in the future ?
1Password Version: 7.2
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: iCloud
Comments
-
Hi @feliperubin!
Why not ?
We think that it's the job of a password manager to alert users when passwords are weak or vulnerable, as that's one of the main problems when it comes to account passwords.
However, we are looking at ways to make these more flexible, we just want to make sure that we do this properly without potentially lowering the security for less technical users who might be relying on these warnings to keep secure online.
0 -
@ag_ana I do understand where you come from, but I've just imported over 400 passwords and there's so much warnings that I don't even know where to start. I'd argue that at the very least there should be an option on the advanced preferences for disabling these warnings.
0 -
I was in the same situation, albeit with ~200 imported items; I originally wanted to just turn off the warnings but that felt like sweeping the problem under the rug.
Instead, I spent 20 hours actually fixing ALL of these warnings; yes that means weak and reused password, enabling 2FA, the whole deal. And I feel so much better after having done so! :chuffed:
0 -
but that felt like sweeping the problem under the rug.
Indeed. :) Glad to hear you found a better solution. After all, why use a password manager if you aren't going to improve your password hygiene? Certainly taking a block of time and powering through it is one approach, but that can feel daunting. I'd suggest taking it a small chunk at a time. As you log in to various sites, if there is a problem with that account, consider fixing it.
Ben
0 -
Thanks guys, I indeed need to reserve some time to fix this, but in the mean time I've open another thread about some issues I'm facing. I won't fully use 1Password until 100% sure it will work correctly.
0 -
@feliperubin - I suppose to some degree it depends on what you mean when you say "work correctly." If you're expecting 1Password to do things it was never designed nor intended to do, then it won't meet those expectations, either now or in the future. We'd certainly be interested in hearing your feedback regarding 1Password, assuming you intend to use it. But if the presence of Reused Password warnings (or anything else, for that matter) make 1Password unsuitable for you in your opinion, then that's OK as well. Let us know.
0 -
@Lars , sorry I wasn't clear. I was talking about this issue
0 -
:) :+1:
0 -
Thanks for your perspective, @Hanterdro. :+1:
Ben
0 -
-
Thank you for sharing your thoughts on this @speakincode! Recurring warning could certainly be an alternative option. We will keep that in mind :)
And welcome to the forum!
0 -
I just upgraded to 1PW v. 7, in preparation for OSX Catalina. I find these warnings to be exceedingly annoying. Telling me that my Amazon password is also used by audible.com; without any means of disabling, is absurd. (just one example.) There are multiple cases where a company's affiliated sites use a common login. By providing an overload of warnings, the end result is that I tend to ignore ALL warnings. Let me focus on the truly critical issues, and quit pestering me about items that want left alone. It would be far better if you provided a means of selecting what types of warnings I want displayed. Perhaps a quarterly pop-up suggesting that I perform a complete security check (without forcing me to change my PW settings) while allowing me to avoid continuous warning overload. The current implementation is something that may eventually drive to to utilizing a different PW manager.
0 -
Hi @bwulfe
without any means of disabling, is absurd.
You can typically fix examples like this by adding the URLs for each website to a
websitefield on one Login item, and then deleting any others with those same credentials. For example:
By providing an overload of warnings, the end result is that I tend to ignore ALL warnings.
This is indeed a concern, and we have been brainstorming about how we can help reduce "warning fatigue" without reducing the value this feature provides. Reused passwords are one of the biggest reasons for individuals having their accounts compromised.
Ben
0 -
With over 1000 records; that is going to be a tedious chore to merge all affiliated groups into single records - per group. Another warning annoyance is being told that logins for various hardware devices are using weak passwords. These devices, typically do not support strong passwords and I can not make the hardware accept what you determine to be a secure password. I tire of seeing warnings over something that I have zero control! At a minimum, let your users choose to ignore warnings on a per-device / per-site basis.
0 -
I badly miss an option to suppress password weakness or multiplicity too.
I usually face situations as follows:
I don't manage the passwords my 1password complains about. Those are commonly team-wide shared passwords from development environments developers and testers need to know by heart and this is why such passwords are weak or re-used. There's no reason for making these passwords strong and unique.
The reused password belongs to a single LDAP or SSO driven identity but login names differ among servers or domains. There is one login name for Gmail, another one for GitLab and another one for different web applications. Somewhere the login name contains a domain name whereas elsewhere it doesn't. So it is not applicable merging log-ins into a single one adding web URLs of different applications to the single log-in entry. I would need to add different login-names too which would make no sense.
So if you started a discussion about these security warnings and related configuration please keep in mind my points.
Thank you0 -
Thank you for taking the time to share this feedback with us @jan_lender!
And welcome to the forum :)
0
