Ignoring Weak Passwords

lerokie
lerokie
Community Member

Hi all,

I found this thread that is already closed but with no solution... (https://discussions.agilebits.com/discussion/68168/suggestion-ignore-weak-passwords/p1)

Let's say I have accounts with a weak password that I cannot change. I don't want Watchtower to remind me (shame me) about having a weak password I cannot do anything about. Can you please add a tag (just like you do for 2FA items) to ignore weak passwords for those accounts?

Thanks!


1Password Version: 7.0.4
Extension Version: Not Provided
OS Version: Mac OS 10.13.5
Sync Type: Not Provided

«13

Comments

  • hawkmoth
    hawkmoth
    Community Member
    edited June 2018

    I have an login like that. I was assigned the username and password by the site operator, with no way to make changes in either. I rather like being shamed about it, though. ;) It reminds me of their insecure policies. Same as sites that refuse to accept pasted-in credentials.

    I do get your request, though.

  • JadC
    JadC
    1Password Alumni
    edited June 2018

    Hi @lerokie, thanks for the suggestion! We will definitely explore this for a future release.

  • scarpent
    scarpent
    Community Member

    There is a 2FA tag that can be used to suppress the 2FA warning. Perhaps a similar tag, something like "weak exempt" could do the same for weak passwords.

  • Lars
    Lars
    1Password Alumni

    @scarpent - yep, we're looking into the best way to do this without giving users the ability to inadvertently turn off warnings they SHOULD be receiving. Stay tuned for updates, and thanks for the idea! :)

  • Philip Heart
    Philip Heart
    Community Member

    +1

  • Lars
    Lars
    1Password Alumni

    :) :+1:

  • Pe4enie
    Pe4enie
    Community Member

    One more example would be usecase like mine - I have lots of weak password I use for test accounts during work, but those are only accessible from withing the company network, so I would like an option to ignore certain domains from giving me those warnings.

  • Lars
    Lars
    1Password Alumni

    @Pe4enie - thanks for the feedback. :)

  • cnasarre
    cnasarre
    Community Member

    +1
    some sites do not let you choose strong password (only numbers like some banks, social security) hence 1PW warns about weak password that we cannot make stronger.
    definitely a specific tag would really help - maybe with a strange name like IWPBNPSSP (Ignore Weak Password Because Not Possible to Set Strong Password)

  • Lars
    Lars
    1Password Alumni

    @cnasarre - thanks for the suggestion! I vote for IWPBTSSWAMTPGS ("Ignore Weak Password Because This Stupid Site Won't Allow Me To Practice Good Security") ;) -- but seriously, folks, we get you. This remains an issue for (thankfully) a tiny minority of sites, but an issue nonetheless. Our developers are exploring ways we can allow such comparatively rare sites to be dealt with in a way that doesn't also wind up defeating the purpose of the warnings altogether. Stay tuned! :)

  • jakobhviid
    jakobhviid
    Community Member

    +1

  • AGAlumB
    AGAlumB
    1Password Alumni

    :) :+1:

  • gandalf_saxe
    gandalf_saxe
    Community Member

    Also vote for custom tag to suppress warning for items you have no control over. Then I could take every single warning seriously, which would be a nice shift :)

  • AGAlumB
    AGAlumB
    1Password Alumni

    Thanks for chiming in! I think we might take a different approach to tags in the future, so we can free those up for their original purpose, but we definitely want to offer more control in this area. :)

  • quickxlr8
    quickxlr8
    Community Member

    I have a bit of a different scenario that could use an ignore tag. I have a few accounts that are closed and don't want to delete for historical purposes that are showing up in Watchtower.

  • Lars
    Lars
    1Password Alumni

    @quickxlr8 - thanks for weighing in. :) For the present, if these items have passwords that are duplicated in other accounts, you could remove the password item from the closed, no-longer-needed account and leave yourself a note in the notes field to the effect of "see _____ password." That would remove any Reused Password banner for you. And if it's simply a weak password for a closed account where the password is not in use anywhere else, you could copy it out and paste the password itself in the notes field, which would remove the "Weak" warning. Or you could create a Secure Note or even spreadsheet or other document with username, password, title, etc -- whatever you wished, and keep that as a Document item. If these accounts are old and closed, this wouldn't pose any kind of security risk for you.

  • quickxlr8
    quickxlr8
    Community Member

    @Lars - The copying the password out and pasting in the notes field seem to work fine. This is definitely going to help me clean out my Watchtower items. Thanks! :)

  • On behalf of Lars you're most welcome. :)

    Ben

  • ag_ana
    ag_ana
    1Password Alumni

    We appreciate your feedback @sbarnea, thank you!

  • leomichine
    leomichine
    Community Member
    edited September 2019

    Hi, is there any update on that?

    I do need possibility suppressing that warning as some passwords I store cannot follow any pattern 1P considers strong (limitation of a system like some banks or test/shared passwords) although I would like to see if there is a password I could actually improve.

  • AGAlumB
    AGAlumB
    1Password Alumni

    It's something we're looking into, but in a way that's flexible and benefits all 1Password users. We've really reached the limit of the current approach, so we want to make sure that what we do going forward is more sustainable. :)

  • fieten
    fieten
    Community Member

    This issue is now open for 1,5 (!) years. And it's still annoying. How long should we "stay tuned for updates"?

  • Hi @fieten,

    I wish I had a good answer that I could give for that question, but even if I knew I wouldn't be in a position to share. We have a policy here of not discussing features before they're completed. We don't pre-announce features, or issue timelines. As others have mentioned above it is something we recognize the desire for, and hope to be able to address that desire at some point, but we want to be sure we're doing so in a responsible and robust way if we do.

    Ben

  • Dan_Aykroyd
    Dan_Aykroyd
    Community Member

    Hi,

    I see you've been "looking into this" for the past couple of years...

    I'm really looking forward to this feature, since I have a lot of banking sites with 8-number only passwords that I can't make stronger and are contaminating my "Weak Passwords" list in Watchtower, which would be great to target it to be 0 (by making all the other possible passwords stronger), but I wouldn't ever be able to achieve that in the state this issue is right now.

    Thanks.

  • ag_ana
    ag_ana
    1Password Alumni

    @Dan_Aykroyd:

    Thank you for sharing your use case with us :+1:

  • DennisC12
    DennisC12
    Community Member

    I'll +1 this as well. As a web developer I have dozens of websites that are only periodically hosted locally (or at most temporarily shared on a LAN for testing). No need or desire to give these strong passwords as they are purely functional and protect nothing of value.

    Having dozens of "terrible" (as 1PW likes to mock me for) passwords just causes me to completely ignore Watchtower as I am not gonna go through the list every so often just to to check if there's an actual risk in there.

    I am kind of surprised that this apparently has no priority at all, because getting people to ignore your warnings is dangerous and makes one of your core features basically useless. I hope my 2 cents help :)

  • ag_ana
    ag_ana
    1Password Alumni

    We appreciate your feedback @DennisC12, thank you!

  • JSTee
    JSTee
    Community Member

    I would like to +1 this as well, for the same reasons as above. There are some passwords (or codes) that I can't change that are reported as being weak, thus corrupting the weak passwords feature.

    Regards,
    John

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for chiming in on this too @JSTee :+1:

This discussion has been closed.