Improvement suggestions

I have few suggestions for improvement, or issues that I currently have.

  • Reused passwords list. 1Password is considering both private vault and shared vault login items as reused passwords. For example I put a website abc.com into my private vault first, then I want to share it with my wife, so I put it into shared vault. 1P says it is reused but actually it is only shared.
  • On the topic of reused passwords, if I generate a password, it saves itself under 'passwords' and login item, thus causing another reused password issue. It should just save itself under login.
  • Weak passwords should have a trigger to make them not weak. For example several sites like sky.de, thy.com, miles-and-more.com, are using PIN codes. Even if I generate PIN codes with 1PasswordX manually or https://1password.com/password-generator/ it doesn't recognize as strong password. I know 4 - 6 digit numbers are not strong but it is due to website restrictions.
  • Vulnerable password status is not changing when I change passwords.
  • Unsecured websites should also have a trigger to not generate an alert. For example my Fritzbox router doesn't have https support for login.
  • For filling passwords on same domain with browser extension or with 1PX, it should remember which login used last. For example I have several accounts on microsoft.com and google.com and it is sorting logins randomly.
  • Ability to share logins with 3rd person. For example, when I generate a login on a service, like one of my VPN providers, I want to share that login securely with my friends. It should provide a safe link, probably secured with a password or PIN code, and should have an expiration date, or has a limit of how much it can be viewed. Like, if friend clicks on that link 5 times, link will delete itself automatically and stop sharing.
  • Not Windows related but on iOS app, username field is not coming on some sites, like microsoft.com. I am entering my email manually and after that password is showing up but it is also showing wrong login for that domain. For example I am entering [email protected] manually on first login page, then it moves to password page. 1Password shows [email protected] instead of [email protected] as primary login item. I have select click on key button, select my correct login, and then it works.
  • Ability to store SSL certificates and able to login with that certificate plus its password. For example https://www.elster.de/eportal/login/softpse
  • Ability to store SSH keys in a separate item.
  • Ability to fill in Windows apps, like iTunes, or Spotify logins or all other apps. For the moment 'type in window' doesn't work at all.

1Password Version: 7.6.776
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: Not Provided

Comments

  • ag_anaag_ana

    Team Member

    Hi @Naxterra!

    Thank you so much for taking the time to write this list! I can tell you that we are aware of some of these suggestions already, and perhaps the Windows developers can add some more details about some of the features you requested and our future plans.

    In the meantime, I would like to address some of the points you raised:

    Reused passwords list. 1Password is considering both private vault and shared vault login items as reused passwords. For example I put a website abc.com into my private vault first, then I want to share it with my wife, so I put it into shared vault. 1P says it is reused but actually it is only shared.

    May I ask why you are duplicating items like this if your goal is to share this login? If there are two copies of the item in different vault, you effectively duplicated the item. Is there a specific reason why you are not simply moving the item to the Shared vault instead? Both you and your wife would then have access to this item, without having two copies of it.

    Even if I generate PIN codes with 1PasswordX manually or https://1password.com/password-generator/ it doesn't recognize as strong password. I know 4 - 6 digit numbers are not strong but it is due to website restrictions.

    I understand where you are coming from here. However, whether this is due to website restrictions or not, 4-6 digit PINs are indeed weak, so I think Watchtower is right in reporting these. Ideally the websites themselves would allow normal passwords instead of PINs, so I am not sure it would be right for Watchtower to simply ignore these.

    Vulnerable password status is not changing when I change passwords.

    Can you please elaborate on this?

  • Heya

    For reused passwords, I am sharing my passwords temporarily, for example when I am on a business trip, I am sharing some of my passwords with my wife, like my Apple password, or Microsoft passwords because sometimes it is not possible to login personal accounts in a business environment. My point is, it shouldn't duplicate, it should just share and I shouldn't do it with moving my login items to shared vaults.

    For PIN codes, there should be a way to make Watchtower ignore specific websites. I understand 4-6 digits are indeed weak but we can't change the way that websites operate.

    For vulnerable password I can give sky.de as an example.

    I even changed PIN today with 1PasswordX PIN generator (because they don't have any other password mechanism) but still 1Password shows it vulnerable password.

  • ag_anaag_ana

    Team Member

    @Naxterra:

    For reused passwords, I am sharing my passwords temporarily, for example when I am on a business trip, I am sharing some of my passwords with my wife, like my Apple password, or Microsoft passwords because sometimes it is not possible to login personal accounts in a business environment. My point is, it shouldn't duplicate, it should just share and I shouldn't do it with moving my login items to shared vaults. My point is, it shouldn't duplicate, it should just share and I shouldn't do it with moving my login items to shared vaults.

    Currently, the way you can do this is by storing an item in the right vault. Instead of copying an item from your Private vault to the Shared vault (even temporarily, which is what I think you are doing), you can instead move it temporarily to the Shared vault. This will make sure that you won't see a warning about the duplicate password, since now you have only one copy of the item.

    I even changed PIN today with 1PasswordX PIN generator (because they don't have any other password mechanism) but still 1Password shows it vulnerable password.

    Thank you for the clarification! I see what you mean now: if you replace one weak PIN with another weak PIN, then Watchtower will keep showing the warning, that's correct. I thought you meant that you replaced a weak PIN with a strong password, and in that case it would have definitely been weird if Watchtower had continued to show you the warning :)

  • Additional request :)

    I imported my logins from Bitwarden but now nearly 400ish logins are considered as Unsecured Websites. I didn't put https in website names but only domain names. Problem is 1Password imported logins and then added http:// to all of them. How can I fix it?

  • bundtkatebundtkate

    Team Member

    Do you still have the export you imported available, by chance, @Naxterra? As a general rule, 1Password won't alter that data so I'm wondering if the http was added as part of the export. If it was, the quickest fix would be find and replace to swap http for https followed by a fresh import. Even if you don't have the export still, but do have the source data, retrying the export with that interim step of doing that find and replace would probably be quicker than manually editing the items Watchtower is whining about.

  • NaxterraNaxterra
    edited August 18

    Hello. I have the export json file. I deleted everything in 1Password vault, then I replaced all http with https in json file, converted to 1pif file, then imported it to 1Password again but now everything is duplicated.

    Edit.
    I exported everything from Bitwarden again, and this time I changed "uri": "http:// to "uri": "https:// instead of just http:// to https://

    Now I have no duplicates but performance is too bad.

  • ag_anaag_ana

    Team Member

    Thank you for the update @Naxterra! Since this is just a performance issue at this point, let's continue this conversation in the other discussion you opened :+1:

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file