How do I get rid of these red banners alerting me to security please?

Are they there to stay for my protection or is there a way to disable them please? Thanks.


1Password Version: 7.3.657
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • ttim03
    ttim03
    Community Member

    btw the first error I know why it is for my router page at 192.168.1.1 not sure if I can make it https:// instead of http://

    The weak password one is out of my control right now if you want me to go into detail about this I can.

    The reused password thing I am not really to sure about.

  • treville
    treville
    Community Member

    The one that bothers me is the "Weak Password" on things like the Amazon Parental Code that I share with my wife. I can't find a way to tell 1Password that it's short because it has to be. It would be nice to have a way to tell 1Password about entries that are "insecure" but out of our control.

  • ttim03
    ttim03
    Community Member

    I agree.

  • Hey, @ttim03! There are two Watchtower banners that can be hidden right now – the "unsecured website" banner and the "inactive 2FA" banner. Both can be hidden by adding a tag – http for the former and 2FA for the latter.

    Specifically for weak passwords outside of your control, the way I look at those is that it's still worth being aware of. Perhaps you may change it more frequently as a result, for example. There are also cases where those should display at all. For example, anything that's only digits, fewer than 6 characters in length and doesn't have a website field should be classified as a PIN. @treville adjusting your item to fit those parameters might work for your Amazon Parental Code, depending on whether you need it to be fillable. Beyond such cases where we can know for sure that a given password is a PIN, we don't have any present plans to allow hiding the weak password warning. Again, we feel it's still giving you useful and actionable information even if you can't make the password truly strong, but if you feel like there are other scenarios where we should consider ignoring a weak password, let me know. We're happy to take these cases into consideration.

    Finally, the reused password – if you click "Reused Passwords" in the sidebar, it should show you any items sharing a password grouped by (partially masked) password. Could be a lingering older password you've not updated with a generated one yet, or maybe just a sneaky duplicate item where you need to clean one up. Of course, if you're seeing just the one item with that password yet it's still flagged as reused, let me know. :+1:

  • treville
    treville
    Community Member

    @bundtkate What do you mean by classifying it as a PIN? I don't have that category as an option in either my Windows nor OS X version (both latest as far as I can tell).

    As for changing weak passwords more often, could a field for scheduling those changes in 1Password be added to help remind us when to do it? A red alert bar for time to change a weak password that we can't make strong would be a much better option for me.

  • Sorry, @treville, it's not an option so much as something 1Password determines on its own. If your item fits all those criteria – has a password that's only digits and shorter than 6 characters AND doesn't have a URL in the website field – then 1Password should automatically not show any Watchtower banners for that item. You don't have to do anything for this to happen. I hope that helps to clarify.

    As for suggesting you change passwords, I don't know that is something we'd do. I brought it up because some folks may feel that's what's best for them, but NIST guidelines actually recommend you don't change any password unless you have reason to believe it's compromised. Rotating a password is just one example of what one might do with a password that's required to be on the weaker side rather than something I'd explicitly recommend doing. I'd be happy to pass it along to the team, of course, but given this isn't something that will be universal to everyone, it's quite possible it's something we'd pass on. One consequence of designing for the many is that we will sometimes do something that will annoy the few. The weak password warning is one such case. For most folks, it'll be something they can resolve. In the rare case it's not, we can't make a change that would impact normal usage of Watchtower negatively to combat that friction. But, we do appreciate hearing y'all's thought and will certainly take them into account and do what we can to improve. :chuffed:

  • treville
    treville
    Community Member

    @bundtkate No problem. Thanks for the clarification.

  • No trouble at all! :chuffed: :+1:

  • ElVen
    ElVen
    Community Member

    Hi,

    I have an item with a red banner saying: Compromised Login. I checked that website and it had a leak few years ago. I changed the password for the site, however 1Password keeps bothering me with that banner (and I still have this one item in the watchtower category). Can you adjust the behavior that if you do a change of an compromised login, the banner disappears? It can popup again, if there is a new leak on the same website.

    Otherwise thanks for the tip on hiding the the http and 2FA ones ;)

    br
    ElVen

  • Hi @ElVen,

    Can you adjust the behavior that if you do a change of an compromised login, the banner disappears? It can popup again, if there is a new leak on the same website.

    We already do. There may be something blocking 1Password from completing the update to remove it. Try terminating 1Password and restart, does it disappear on its own?

  • ElVen
    ElVen
    Community Member

    Hi MikeT,

    actually, I think I have done the password change on 1Password 4, just before I migrated everything to my 1Password family last November. Maybe that is why it kept the red banner. I did another password change today, and the banner is gone!
    So its great it is working like that :)

    thanks!
    br
    Ondrej

  • AGAlumB
    AGAlumB
    1Password Alumni

    Thanks for the update. I'm sorry for the difficulty there, but glad that did the trick. We'll keep working to smooth out any rough edges. :)

This discussion has been closed.