Disable Watchtower banners in 7.0x

ToddF
ToddF
Community Member

In version 7.0x: Can we have the option to disable / enable Watchtower banners (weak password, etc.) in preferences On/Off? I don't want to be constantly prodded to change weak passwords for websites that I don't care about or are of no consequence to me. Sometimes I just want to store insignificant website addresses and passwords in 1Password for the centralized convenience. And sometimes I want to turn it on and start tackling those weak passwords. I'd just like to have the choice.


1Password Version: 7.02
Extension Version: Not Provided
OS Version: OS 10.13.4
Sync Type: iCloud
Referrer: forum-search:Disable Watchtower banners in 7.0x

«1

Comments

  • Lars
    Lars
    1Password Alumni

    Welcome to the forum, @ToddF! You're not the first person to ask for this ability, and we're currently looking into ways we can implement this best. It's not just websites you don't care about, it's also that in some cases, you're forced by the site itself to use a password that Watchtower considers weak. What we're working to figure out is how to do this in a way that allows users some control over the display of Watchtower banners (which definitely take up screen real estate, particularly in the much-smaller confines of the mini), without risking the potential of allowing users to inadvertently "shut off" a critical feature they think is turned on and functioning. Stay tuned, and keep an eye on the release notes for updates. And thanks for taking the time to visit and share your wishes.

    ref: apple-1293

  • PaulShark
    PaulShark
    Community Member

    This is not a "critical feature", but the most annoying and irritating feature in version 7. Just let the user decide. I do not want to be treated like a child. Certainly I will give up 1Password, if this cannot be switched off and demand my money back.

  • Lars
    Lars
    1Password Alumni

    Welcome to the forum, @PaulShark! Thanks for weighing in on the subject.

  • greenery
    greenery
    Community Member

    Why is there a date without a year on this thread? I don't know if this is relatively current or a year old. Almost as irritating as the watchtower alerts which are pretty damn irritating.

  • If no year is listed it was posted this year. :)

    Ben

  • tbosserman
    tbosserman
    Community Member

    Please Please PLEASE give us the ability to disable this montrosity. It shows every password I have as a duplicate. When I bring them up in watchtower, NONE are duplicates. How can I make it stop??? I'm seriously thinking of downgrading to 1Password 6 just to get rid of the meaningless red banner on every password.

  • Lars
    Lars
    1Password Alumni

    @tbosserman - thanks for weighing in; I believe we've discussed this in the other thread you opened on the subject. :)

  • bobio01
    bobio01
    Community Member

    Has this been accomplished yet? The Reused Password banner is driving me nuts.

  • It has not.

    Ben

  • RJS33
    RJS33
    Community Member

    I have had enough of Watchtower Banners. I will use another Password App until I can delete this dumb idea.

  • Lars
    Lars
    1Password Alumni

    @RJS33 - please don't post the same thing in multiple threads, as it slows down support times for everyone, including you. I've answered your other post about this same topic.

  • bobio01
    bobio01
    Community Member

    ?? I’m not RJS33, but you sent your response above to my email. I like your program and continue to use it. I will rejoice however when you provide me a way to eliminate those banners.

  • Lars
    Lars
    1Password Alumni

    @bobio01 - Apologies for the confusion; since you've participated in this thread, you will receive updates to it. That usually doesn't wind up lasting very long, since most threads close after a few replies.

  • bobio01
    bobio01
    Community Member

    ?? I’m not RJS33. I like your program and continue to use it. I will rejoice however when you provide me a way to eliminate those banners.

  • bobio01
    bobio01
    Community Member

    Thanks! Sorry about my confusion.

  • Lars
    Lars
    1Password Alumni

    @bobio01 - no worries! :)

  • saudm
    saudm
    Community Member

    I would love to see this implemented for each Watchtower feature similar to the 2FA detection/control as minimal viable release. I would at least be able to supress the banners based on my own logic/knowledge through tagging.

    For example, there are certain website (WiFi Captive Portals) where I don't really care if they use http versus https as all the account details I use on the portal are meaningless (I just want to get online :) ). One tag per detection/feature of Watchtower would be great...would save me from trying to disable Watchtower (as I do want it for >90% of my logins).

    Also - without the ability to supress the notifications, it also reduces the "Signal To Noise ratio" of Watchtower. If I have a vulnerable password as I'm forced to use that password from the website (to use Lars example) however the risk is acceptable to me based on what that website is. The noise problem comes in that I have a persistent 1...it's hard to tell when that flips to 2 so I'm more likely to ignore it as I cannot reconcile the alerts/notifications. The banners also become ignorable/noise. That ultimately reduces the value prop of Watchtower.

  • Lars
    Lars
    1Password Alumni

    @saudm - thanks for weighing in on this one. As was mentioned earlier in this thread (and mulitple others), we're looking at ways we can make the feature more flexible for "power users" without losing its effectiveness for everyone. I don't have anything to announce on that score just yet, but it is actively being worked on. Thanks! :)

  • saudm
    saudm
    Community Member

    That's cool - largely just wanted to "follow" this thread for any updates, couldn't figure out how to do that without posting...so I thought I'd at least post comprehensive ask. :)

  • Lars
    Lars
    1Password Alumni

    :) :+1:

  • BLD
    BLD
    Community Member

    @Lars I'm aware now of the magic 'http' and '2FA' tags to disable those Watchtower warnings. Are there any others? I tried 'vulnerable' to get rid of that particular Watchtower warning to no avail. Unlike some other opinions here, I think Watchtower's aggressive stance is great. But I really do want the ability to turn it off on a per item basis once I've investigated and decided the warning can be disregarded.

  • Lars
    Lars
    1Password Alumni

    @BLD - there aren't, presently. http and 2FA are the only tag-based ways to dismiss banner warnings. We've resisted adding other tags for some of the very reasons I enumerated above. I really can't say I have a good handle on what will be coming down the pipe on this, only that we're not done, and that it will only end up with more tag-based solutions if we just can't figure out a better way.

  • objc
    objc
    Community Member

    we're looking at ways we can make the feature more flexible for "power users" without losing its effectiveness for everyone.

    A simple checkbox in Watchtower settings would suffice. If you're worried about most users unchecking it carelessly, make it only appear if you open settings while holding down option or something. Anything is better than forcing such an obtrusive, condescending feature on paying customers.

    I get the feeling 1Password thinks it knows better than its users in this instance, and that these annoying banners improve overall security by continually warning users about their reused/weak passwords. This a false assumption, and a grave mistake, for the same reason some a company IT policy forcing employees to change their password every 6 months is a mistake: it causes users to circumvent the security measure entirely instead of getting them to actually choose a strong password each time (for example, by choosing easily rememberable (and guessable) passwords like fido1 then fido2 then fido3, and so on).

    In this case, such an intrusive feature is alienating some of your users instead of protecting them. I, for one, would rather go back to using Notes.app on my phone than have to deal with seeing the Watchtower banners everywhere.

    At the least, it is comforting to know that this concern is being actively worked on, as you mentioned.

  • Lars
    Lars
    1Password Alumni

    Welcome to the forum, @objc! First of all, thank you for taking the time to register and post this here; I know it's not always easy or convenient to know how/where to address a company when you have issues with an aspect of their product, especially if you want to feel as if your words aren't being wasted or misplaced. So let me set that aside right now: we value every bit of constructive feedback we receive here. And by "constructive," I don't just mean that we skim off the good stuff, pat ourselves on the back, and ignore the complaints, just that "this sucks!" isn't particularly helpful, whereas the type of negative feedback you just provided is much more useful to us. So...thanks again.

    As you can see from just this thread alone (and there are several others on the same topic), you're also not the only person with the same perspective on the issue. We don't take that lightly, and in fact I raised your post specifically in an internal call just earlier today. I can't say what will be the end result of internal discussions (not because I refuse to tell you, but because I genuinely don't know at this point), but I can say that you and others here have made the case quite well that there are indeed circumstances where it is either preferable or unavoidable to have duplicated passwords, and having a way to suppress these would certainly be welcome.

  • wjhicks
    wjhicks
    Community Member

    Just chiming in....

    I have been a 1Password user since 2008 and I am not a big fan of these notifications. I am a sys admin and I don't even have the ability to change a lot of these passwords that are "reused" (well I don't have permission honestly, I probably could change them but I'd get yelled at). Should there be dups/reused passwords?... no probably not. But certain IT environments require common passwords for things. Managing a disk array is not not going to have LDAP or AD setup to manage users who need permissions to manage very low level disk arrays or volumes. It's going to have an admin account that everybody knows the password. And I am not worried about the password being hacked since it's on a private VLAN and not even accessible from the outside world in the first place. And these notifications disturb my calm. If I can't silence them or at least mark them as "ok, fine I know, I know... now go away and let me work" I am not going to use this product, well at least v7 (v6 isn't "broken" like this).

    My group is already pushing me to use LastPass and so far I have refused. I like 1password. It's simple and it works. Please stop making it "not work" as a new security feature. I promise I know what I am doing.

  • Thanks for the feedback @wjhicks. As Lars mentioned this is something we're actively discussing to see how as can improve without losing sight of our mission. Our tag line has included "strong unique passwords," after all. We do recognize that there are legitimate or necessary reasons to occasionally have records that have the same password on them. We'd like to make it less obtrusive for folks in situations like yours yet continue to warn customers about the danger of password reuse.

    Ben

  • Lars
    Lars
    1Password Alumni

    @wjhicks

    I promise I know what I am doing.

    That's the thing, though: even if I believe you (which of course I do), not everyone who uses 1Password is a proficient sysadmin - in fact, these days, most of our users are not. There was a time, back in the early days pre-2010, where it was probably the case that our then-much-smaller user base actually did consist of mostly sysadmins, IT folks, developers and other fellow security enthusiast nerds who "know what they are doing." That's no longer the case and hasn't been for a while. As cool as those early days were in many ways, one of our beliefs and goals even back then was that good security should not be restricted to just those who know what they are doing, it should be available to everyone. And that means taking some steps that ensure people cannot simply bypass or defeat (especially unknowingly) the security they (presumably) believe they're paying for when they open a 1password.com membership. We get it: our more-experienced user base finds some of these newer safeguards both intrusive and unnecessary - since they themselves know what they're doing. And we're working to find a balance between delivering the reliable security all users expect and allowing power users the freedom to customize.

  • objc
    objc
    Community Member

    Thank you for the detailed reply, @Lars!

  • Lars
    Lars
    1Password Alumni

    @objc - you're quite welcome. And thank you for taking the time to drop by here and share your experience and suggestions with us, we're truly grateful when anyone - old hand or total newbie - cares enough about the direction of 1Password to share some of their ideas with us.

  • feliperubin
    feliperubin
    Community Member

    Nothing on this topic yet ? I'm a new user and honestly thinking about going back to keychain because of this.

This discussion has been closed.