How do I disable the warning of a reused password?
I cannot figure out how to disable this duplicate or reused password warning in 1Password. How do I disable that warning?
I mean it is pretty annoying. This feature doesn't work for people who use business accounts. Like for me, the account is stored in an active directory on my customer side. For sure, the same password is used for different systems and website of my customer enterprise applications, because they all are connected to the same active directory or LDAP. Just normal single password policy that is used in many enterprises. Also, I am a software developer working for many different clients so I have a lot of shared test accounts, where I am not able to generate for each a unique password.
1Password Version: 1Password 7 Version 7.2.1 (70201002) AgileBits Sto
Extension Version: Not Provided
OS Version: macOS Mojave 10.14
Sync Type: Not Provided
Referrer: forum-search:reused password
Comments
-
Welcome to the forum, @idueppe! I'm sorry for the inconvenience. Currently, it's not possible to disable the Reused Password message. We're looking into ways to make that more user-configurable in upcoming releases without rendering the feature useless at its intended purpose - notifying you if you have a re-used password.
In the meantime, thanks for your patience with us as we work toward a solution. :)
0 -
+1 +1 +1 +1 +1 +1 +1 +1 +1 Get rid of the !$!#! red alert ASAP +1 +1 +1 +1 +1 Thank you :-) :-) :-) :-) :-) :-) :-) :-)
0 -
@StripedTiger - thanks for the feedback. :)
0 -
Just upgraded to 7 today and am really not liking the intrusiveness of the warnings. As a developer I have my reasons for shorter and duplicate passwords and non-https dev setups. It's not helpful, just distracting, preachy and annoying. At least move them to the bottom of the screen and use more subdued colors, but ultimately this should be a user decision to completely turn them off.
0 -
Yes I totally understand the good intention here. It's just too obnoxious for some of us. You can't even dismiss the big red warning! That's the worst. Let us acknowledge it once and go away. Thank you.
0 -
This feature really wasn't thought out.
The generated password is saved, and then I edited my login with the new password (because previous versions of 1PW didn't auto update). Now every login where I had to follow that pattern is now "duplicate password"
0 -
I agree. I came here looking for how to disable, too.
0 -
Thanks, folks - to be clear, there IS a fix coming for the issue of 1Password in some situations incorrectly flagging as duplicates things that are not actually duplicates. But in general, we don't have any plans currently to allow users the option of turning off the Reused Passwords warning.
0 -
Please reconsider that second decision.
Unless you get it exactly right with your fix, this will still flag false positives and continue to annoy your most loyal users.
0 -
@jimbojones2000 - thanks for the feedback. :)
0 -
How about allowing us to add a tag like with Two Factor Auth where you have to add a "2FA" tag to disable the warning?
We have some systems at work where the admin user name is different depending if you use WebGUI or CLI.0 -
Welcome to the forum, @Krupps! Thanks for the feedback, and letting us know your use-case. The problem with any such solution is that its function would be Mac-only. Other setups would not deal with the tag in the same way, and we're trying to avoid platform-specific solutions in an increasingly multi-platform world. We are indeed looking at how something like this might best be accomplished, however.
0 -
Being really annoying when it upsets the customer doesn't seem like a great plan. I have lots of related sites that use the same password. These nodes are related. I also use the same password on sites where security doesn't matter and where I'm going to be accessing them not from home. If I'm willing to take the risk of someone breaking into various preschool message boards, I think that is ok.
Please don’t be so arrogant that you think you know better than I for my situation. I’m going to go back to 1password6 and delete my account for now.
thanks.
0 -
Welcome to the forum, @gek! Thanks for the feedback. :)
Please don’t be so arrogant that you think you know better than I for my situation.
I don't think that, and don't claim to. What we DO have to do is consider all of our users when we design any part of 1Password. Anything else would be malpractice. And we're quite aware that we're not going to be able to please everyone, since our user base is fairly large and diverse. "Power users" are always asking us for more sophisticated options, preferences, check-boxes, etc. And meanwhile, newer users or those who are "not computer people" often find the existing range of options confusing and hard to navigate. Through it all, we have to make our best effort to square that circle when we can, and when we can't because different user-groups' wishes/feature requests are so diametrically opposed, we have to choose what we think is the best solution for the greatest number of users.
I’m going to go back to 1password6 and delete my account for now.
You're welcome to use 1Password 6 for Mac for as long as it's compatible with the other upgrades and changes I assume you'll continue to make to your browser and version of macOS. I can't recommend using a legacy version of any of those things - browser, OS or 1Password - as any kind of reliable long-term strategy, but you're welcome to do so. What you don't have to do is delete your 1password.com membership to return to 1Password 6 for Mac. For now, anyway, you can certainly still use your 1password.com membership in 1Password 6 for Mac -- and the differences with regard to Watchtower and the Reused Passwords notifications aren't a function of - or affected by - whether you're using standalone data or a 1password.com account. Hope that helps. :)
0 -
You are making it so that people who have lots of passwords for lots of systems can't use your product. You used to be a password keeper, not a security model enforcer. You are making to so developers and power users are going to have a hard time using your software but maybe that is the right choice for you guys.
I hope you come to your senses because I've really liked you program for a long while. If that doesn't happen then I hope I find another system that I like as well. And not being able to turn off warnings is very arrogant anyway you look at it.
0 -
Seems some of the responses here are ascribing arrogance where I don't believe any is intended. I've been using 1P since version 2 and have been really satisfied with both the product quality and customer service.
I also understand that more advanced users often like to have more options and that more options can confuse novice users, driving up support costs and down user satisfaction.
That said, I do believe there is an elegant way to solve this issue for users, such as myself and those who've posted here, that would rather not have all the watchtower warnings persist.
If, for example, right clicking on any warning brought up a dialogue with three options: 1) Hide this warning, 2) Hide this and all such warning, 3) cancel.
If a user chose either 1 or 2 a confirmation box would appear to ensure the user intended to make this change. Text could be included about the dangers of proceeding. As importantly, I'd recommend that two new options be included in the Advanced tab.
1) A check box for Watchtower warnings (could be multiple for different types or just a catch-all. This would be checked by default and become unchecked either by a user manually coming to Advanced and doing so, or right clicking a warning and choosing option 2)
2) Reset warnings. This would put back any warnings that were hidden by users right clicking on them and choosing option 1.Anyway...I'm sure there are plenty of ways to skin this cat, but I'm equally sure that Agilebits runs an "Agile" shop which means this is not going to happen until a "Story" is created and placed in the backlog. Then, such a story would need to be prioritized against all the other stories. Until that, as yet unwritten, story makes it into a build sprint, nothing will see the light of day.
So, here's the real question. Is Agilebits willing to even write that story and put it in the backlog?
It's a fair question. For me, I don't like the persistent warning messages, but I can live with them because I have integrated 1P so deeply across all my devices that unwinding all that is much more pain than the messages. Others may feel differently so transparency to whether this feature will make it into the backlog would, in my opinion, be a good thing.
pax...
0 -
@Lars. Please reconsider. It's intrusive and gives (at least in my case) 99% wrong warnings (i do use several websites from the same company where i need to use the same credentials).
How about letting people dismiss the warning (so that it goes away in cases where it doesn't make sense))?
Thanks.0 -
+1 on removing these warnings. At a minimum I should be able to acknowledge the warning, and not have it pop up again for that login. I should be able to use the same password for my bitbucket and github accounts without the incessant nagging.
0 -
Thanks for the feedback, @steffen and @GeezerDude. :)
0 -
Hi Lars,
I'd like to add a "+1" to this conversation. I also found the big red banner annoying. There should be an option to disable it. I know that reusing password should be avoided yet I don't want to see that big red banner every-time I start 1Password0 -
It seems like this is something other people are interested in as well. Is this something you are now considering?
0 -
Please remove this warning message. I WANT TO REUSE MY PASSWORD, It is my choice after all.
0 -
@danily - it is indeed your choice, but you're not our only customer. That warning exists to warn people that they are using a duplicate password. We're looking into ways we can refine it to better accommodate use-cases like yours...but I can tell you right now that allowing people to shut it off entirely is something we're not likely to do. However, stay tuned to the updates and release notes, as this one is on our radar screen. :)
0 -
@Lars. Thanks, would be nice to be given the option for dismissing the warning on a case to case basis – even if that means 99% of the cases for some of us who at least sometimes use ageing brains to perform some thinking and thus, may not need complete robotic supervision... ;-)
0 -
:) :+1:
0 -
I'd like to add another use-case/scenario: sometimes, dealing with archaic services, these services will provide you with a hard-set (and often insecure) passwords which cannot be changed. Often, these services will provide multiple accounts (user ids) for managing/accessing different parts of your account (say "production" and "staging" parts of an account), but will reuse the same password(!!). As egregious as this practice is, it cannot be avoided. It would be great to be able to mark these logins as having unfortunately insecure passwords, and to ignore/hide red warning banners
0 -
Thanks @dhritzkiv. Hopefully such things are few and far between and will continue to deminish as folks learn about proper password hygeine, but your point is well taken. :+1:
Ben
0
