Resolving security audit items... by ignoring them! :D
I would really like the ability to "hide" or "ignore" or "mark as acknowledged and stop notifying me" for data found by the 1Password security audit. I see there is a discussion here from 1 year ago about adding this feature, and although the official response said you were considering this, apparently nothing has happened with that in the intervening year.
Just an "acknowledged" to grey-out the listing in the audit and remove the badge/count from the audit category would be nice.
- Watchtower tells me I have two passwords that may have been compromised. One requires the installation of software to change (which I'm not going to reinstall), the other is a shared MediaFire account that probably could and should be changed, but it's not mine to change and is not likely to get changed. So they just sit there with a warning on them forever.
- I have two weak passwords. One is for a comments section on a single website and, apparently, cannot be changed. The other is an account I never use for a deprecated website, which required getting special permission and then contacting an admin to change it even before the admins stopped responding. I want to keep and use these, but I cannot fix them. So those two just sit there with a warning on them forever.
- I have 9 duplicate passwords, all of which involve either the passwords mentioned above that I cannot change for whatever reason, or accounts shared with someone fond of re-using her passwords. I cannot change them (unless I can convince the owner, which is not likely; I keep telling her to get 1Password and change them though!). So those passwords just sit there with warnings on them forever.
- I have 5 items in the "3+ years old" category. One of them is my Social Security number, which I will not be changing (and I trust a future update will be ignoring automatically). These, again, cross over with passwords I cannot change but must nonetheless keep on file for use. So they just sit with warnings on them forever.
I don't want to completely delete these items, as I may someday need those passwords, and some of them are actually still in daily use. I also can't really fix them because the passwords are either unchangeable due to bad programming/design on the part of the site/service, OR they belong to someone else and are not mine to change. I just need to tell 1Password there's nothing more I can do, so please stop warning me about them. An "It's not right, but it's okay" button! It would even be beneficial to list them, grayed out, with a note on why they cannot be fixed. Maybe even a new security audit folder I can drag them to: "Unchangeable," "Shared account," "Ignored," etc.
I just want those audit counters to read 0 unless there's something I could do to fix it! :D
1Password Version: 5.3.2
Extension Version: Not Provided
OS Version: OS X 10.10.3
Sync Type: Dropbox
Comments
-
Hi @iynque,
I see we have a few tickets that relate to some of your requests e.g. OPM-1990 for excluding SSN and similarly OPM-1004 for ignoring credit card PINs. We even have OPM-1774 for removing to flag an item as ignored by Watchtower but it specifically mentions Watchtower rather than the more generalised Security Audit section which is what you're after.
Searching the forums can be a bit hit and miss sometimes, especially with older threads. Do you happen to still have a link to the thread you refer to? I'd like to see if I can track back from there as I wasn't part of the team a year ago.
0 -
Thanks, LBT (nice name by the way; recognized it without the avatar image :D). The forum post I saw is here: https://discussions.agilebits.com/discussion/26292/suggestion-ignoring-watchtower-alerts-for-some-accounts-under-consideration
I actually went through another round of contacting admins and searching for help to change or at least invalidate passwords. A few more responded and helped me, but at least one site only has one contact (for which I had to download another messenger) and I've had no response yet. My problem is somewhat lessened with more warnings resolved, but I'd still like that "it's not right, but it's okay" button :D
0 -
Hi @iynque,
Thank you for that link. Now the request in that thread hasn't been added yet and that one relates to OPM-1774 which we have marked down as specifically for Watchtower notifications. That's important because even if we implemented it tomorrow it wouldn't help with most of your situations you detailed. We have Watchtower as just one part of the Security Audit feature and you're more wanting a general ignore flag for all security auditing than just Watchtower.
As such I've created a new feature request and linked it to all of those I've found so far, almost like an umbrella request where this one should cover all of them. I've also added that it's far easier to notice changes in the Security Audit if you don't become used to seeing numbers and learning to ignore them, a good motivation for this request I feel. I can't make any promises I'm afraid but I do see your point of view and I can see how this might help our users at large so here's hoping :smile:
ref: OPM-3156
0 -
Just wondering if there is an update to when an expected Security Audit fix might be headed our way! More specifically that Security Audit only looks at Logins and filters through SSN's, credit cards etc. It's a great feature, and this would make it even better :)
Thank you.0 -
Hi @iamecho,
Thanks for taking the time to ask about this! I'm afraid I don't have anything new to report about the Security Audit improvements. Our developers haven't forgotten about that, and they would certainly like to address this in a future version - I just don't have a timeframe for when that will happen. I'm sorry I don't have more info to share with you right now! But I'll be happy to add your comments to our internal tracker to let our developers know those improvements would also be helpful for you.
If you need anything else, please let us know! :)
ref: OPM-1774
ref: OPM-31560 -
I would love for 1Password to proactively notify me of anything that pops up in my Security Audit rather than me having to review it periodically to see if there's anything I need to fix. However, without the feature to ignore certain items, that approach would not be a very good one, as then you would be repeatedly hassling me about things I just want to ignore.
Also, even without notifying, my brain shies away from reviewing my Security Audit section because it knows I'm going to have to wade through the same set of items I can't fix, yet again. And when you've been using 1Password for years, that starts to get really, really tiresome.
So, this is my way of saying: +1 to this feature request! Obviously an amazing product without it, but I see this feature as more significant than it perhaps has been evaluated to be generally, because of the reasons I listed.
And of course once this feature does get implemented, my next feature request will be to get those notifications I mentioned instead of manual review. :)
Thanks for listening.
0 -
Thanks for your feedback @pquimo, those are certainly some good points! I'll be happy to add your comments to our internal tracker.
Aside from that, I'm glad to hear you're enjoying 1Password. If you need anything else, please don't hesitate to let us know. :)
ref: OPM-3156
0
